CVE-2002-0049 — Improper Privilege Management in Microsoft Exchange Server

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

12.7%

top 6.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedMar 8

Latest updateApr 30

Description

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2000

Patches

Patch: www.securityfocus.com ↗Patch: docs.microsoft.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-q5c8-gr3m-67m2: Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or mod↗2022-04-30

▶

CVEList

CVE-2002-0049: Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or mod↗2002-06-25

▶