CVE-2002-1769

3 documents3 sources

Severity

7.5HIGH

EPSS

19.0%

top 4.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Site Server Microsoft Site Server Commerce

Timeline

PublishedDec 31

Latest updateApr 30

Description

Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/site3.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3pr-rr9m-p77p: Microsoft Site Server 3↗2022-04-30

▶

CVEList

CVE-2002-1769: Microsoft Site Server 3↗2005-06-21

▶