CVE-2002-2036

3 documents3 sources

Severity

7.5HIGH

EPSS

1.5%

top 18.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN RAY Server Software

Timeline

PublishedDec 31

Latest updateApr 30

Description

Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/ray1.3

Patches

Patch: sunsolve.sun.com ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cm9x-cx6v-qx4v: Sun Ray Server Software (SRSS) 1↗2022-04-30

▶

CVEList

CVE-2002-2036: Sun Ray Server Software (SRSS) 1↗2005-07-14

▶