Vulnerabilities > CVE-2004-2357 - Remote Security vulnerability in Proofpoint Protection Server

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

proofpoint

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.

Vulnerable Configurations

Part	Description	Count
Application	Proofpoint Proofpoint Proofpoint Protection Server *	1

References

http://marc.info/?l=full-disclosure&m=107745676915297&w=2
http://marc.info/?l=full-disclosure&m=107752568009182&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15280