cbcvebase.

Intersystems Cache Database vulnerabilities

5 known vulnerabilities affecting intersystems/cache_database.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2LOW2

Vulnerabilities

Page 1 of 1
CVE-2003-0497P4HIGHCVSS 7.2PoCv52003-08-07
CVE-2003-0497 [HIGH] CWE-264 CVE-2003-0497: Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
nvd
CVE-2003-1333P4CRITICALCVSS 10.0v4.0.3v4.0.4+9 more2003-12-31
CVE-2003-1333 [CRITICAL] CVE-2003-1333: Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0. Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
nvd
CVE-2003-0498P4HIGHCVSS 7.2v52003-08-07
CVE-2003-0498 [HIGH] CWE-94 CVE-2003-0498: Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows loca Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
nvd
CVE-2007-4427P4LOWCVSS 3.5v2007.1.0.369.0v2007.1.1.420.02007-08-20
CVE-2007-4427 [LOW] CVE-2007-4427: Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implem Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
nvd
CVE-2004-2684P4LOWCVSS 2.1v52004-12-31
CVE-2004-2684 [LOW] CVE-2004-2684: Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to ac Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
nvd
Intersystems Cache Database vulnerabilities | cvebase