MidnightBSD

Advisories for intersystems

CVE-2003-0497 HIGH

Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
intersystems cache_database 5
CVE-2003-0498 HIGH

Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
intersystems cache_database 5
CVE-2003-1333 HIGH

Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
intersystems cache_database 4.1.16
intersystems cache_database 4.0.3
intersystems cache_database 5
intersystems cache_database 4.0.4
intersystems cache_database 4.1.15
intersystems cache_database 5.0.12
intersystems cache_database 5.0.5
intersystems cache_database 5.0.3
intersystems cache_database 5.0.21
intersystems cache_database 5.0.17
intersystems cache_database 5.0.19
CVE-2004-2683 LOW

Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
intersystems cache 5
CVE-2004-2684 LOW

Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
intersystems cache_database 5
CVE-2018-17150 MEDIUM

Intersystems Cache 2017.2.2.865.0 allows XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
intersystems cache 2017.2.2.865.0
intersystems cache 2018.1.2
CVE-2018-17151 MEDIUM

Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
intersystems cache 2017.2.2.865.0
intersystems cache 2018.1.2
CVE-2018-17152 MEDIUM

Intersystems Cache 2017.2.2.865.0 allows XXE.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
intersystems cache 2017.2.2.865.0
intersystems cache 2018.1.2