CVE-2001-0870

high

Description

HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7630

http://www.securityfocus.com/bid/3598

http://marc.info/?l=bugtraq&m=100715758109838&w=2

Details

Source: Mitre, NVD

Published: 2001-12-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.01095