CVE-2002-1731
First published: Tue Dec 31 2002(Updated: )
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM iSeries AS/400 | =v4r5 | |
| IBM iSeries AS/400 | =v4r4 | |
| IBM iSeries AS/400 | =v4r3 | |
| IBM iSeries AS/400 | =v5r1 | |
| IBM iSeries AS/400 | =v4r2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1731?
CVE-2002-1731 is classified as a medium-severity vulnerability due to its potential for enumeration of valid user accounts.
How do I fix CVE-2002-1731?
To mitigate CVE-2002-1731, it is recommended to update AS/400 software to the latest version and properly configure user profile settings.
What software versions are affected by CVE-2002-1731?
CVE-2002-1731 affects IBM OS/400 versions v4r2, v4r3, v4r4, v4r5, and v5r1.
Who is impacted by CVE-2002-1731?
Local users of the IBM AS/400 system are impacted by CVE-2002-1731 as it allows them to list valid user accounts.
What can attackers do with CVE-2002-1731?
Attackers can potentially exploit CVE-2002-1731 to enumerate user accounts, which may lead to further attacks or unauthorized access.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm iseries as/400
- version/ibm iseries as/400/v4r5
- version/ibm iseries as/400/v4r4
- version/ibm iseries as/400/v4r3
- version/ibm iseries as/400/v5r1
- version/ibm iseries as/400/v4r2