Vulnerabilities > CVE-2007-2849 - Security Bypass vulnerability in Knowledgetree Document Management Knowledgetree Document Management 3.3.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://osvdb.org/36578
- http://secunia.com/advisories/25360
- http://sourceforge.net/forum/forum.php?forum_id=698243
- http://sourceforge.net/project/shownotes.php?release_id=510338
- http://www.securityfocus.com/bid/24110
- http://www.vupen.com/english/advisories/2007/1920
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34463