Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache_database | 5 |
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache_database | 5 |
Unspecified vulnerability in the Caché Server Page (CSP) implementation in InterSystems Caché 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache_database | 4.1.16 |
| intersystems | cache_database | 4.0.3 |
| intersystems | cache_database | 5 |
| intersystems | cache_database | 4.0.4 |
| intersystems | cache_database | 4.1.15 |
| intersystems | cache_database | 5.0.12 |
| intersystems | cache_database | 5.0.5 |
| intersystems | cache_database | 5.0.3 |
| intersystems | cache_database | 5.0.21 |
| intersystems | cache_database | 5.0.17 |
| intersystems | cache_database | 5.0.19 |
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Caché 5.0 allows attackers to access arbitrary files on a server.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache | 5 |
Unspecified vulnerability in the %template package in InterSystems Caché 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache_database | 5 |
InterSystems Caché 2017.2.2.865.0 allows XSS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache | 2017.2.2.865.0 |
| intersystems | cache | 2018.1.2 |
InterSystems Caché 2017.2.2.865.0 has Incorrect Access Control.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache | 2017.2.2.865.0 |
| intersystems | cache | 2018.1.2 |
InterSystems Caché 2017.2.2.865.0 allows XXE.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersystems | cache | 2017.2.2.865.0 |
| intersystems | cache | 2018.1.2 |