CVE-2007-6334

critical

Description

Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.

References

http://www.vupen.com/english/advisories/2007/4304

http://www.vupen.com/english/advisories/2007/4303

http://www.securitytracker.com/id?1019134

http://www.securityfocus.com/bid/26959

http://www.securityfocus.com/archive/1/485448/100/0/threaded

http://www.osvdb.org/39358

http://www.ingres.com/support/security-alertDec17.php

http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp

http://secunia.com/advisories/28187

http://secunia.com/advisories/28183

Details

Source: Mitre, NVD

Published: 2007-12-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00765

Detections

Analytics