{"api_version":"1","generated_at":"2026-04-23T11:34:29+00:00","cve":"CVE-2001-0981","urls":{"html":"https://cve.report/CVE-2001-0981","api":"https://cve.report/api/cve/CVE-2001-0981.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2001-0981","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2001-0981"},"summary":{"title":"CVE-2001-0981","description":"HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the \"unix password sync\" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.","state":"PUBLISHED","assigner":"mitre","published_at":"2001-08-31 04:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7051","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7051","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/hp/2001-q3/0048.html","name":"http://archives.neohapsis.com/archives/hp/2001-q3/0048.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Neohapsis Archives - HP Security Digests - security bulletins digest - From support_feedbackus-support.external.hp.com","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2001-0981","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2001-0981","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2001","cve_id":"981","vulnerable":"1","versionEndIncluding":"a.01.07","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hp","cpe5":"cifs-9000_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T04:37:07.113Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"hp-cifs-change-passwords(7051)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7051"},{"name":"HPSBUX0108-164","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://archives.neohapsis.com/archives/hp/2001-q3/0048.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2001-08-28T00:00:00.000Z","descriptions":[{"lang":"en","value":"HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the \"unix password sync\" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2002-06-16T00:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"hp-cifs-change-passwords(7051)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7051"},{"name":"HPSBUX0108-164","tags":["vendor-advisory","x_refsource_HP"],"url":"http://archives.neohapsis.com/archives/hp/2001-q3/0048.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2001-0981","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the \"unix password sync\" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"hp-cifs-change-passwords(7051)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/7051"},{"name":"HPSBUX0108-164","refsource":"HP","url":"http://archives.neohapsis.com/archives/hp/2001-q3/0048.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2001-0981","datePublished":"2002-06-25T04:00:00.000Z","dateReserved":"2002-01-31T00:00:00.000Z","dateUpdated":"2024-08-08T04:37:07.113Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2001-08-31 04:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:cifs-9000_server:*:*:*:*:*:*:*:*","versionEndIncluding":"a.01.07","matchCriteriaId":"DD06C4B0-0D36-44D7-A215-5A7ADA6A4CFE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2001","CveId":"981","Ordinal":"1","Title":"CVE-2001-0981","CVE":"CVE-2001-0981","Year":"2001"},"notes":[{"CveYear":"2001","CveId":"981","Ordinal":"1","NoteData":"HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the \"unix password sync\" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.","Type":"Description","Title":"CVE-2001-0981"},{"CveYear":"2001","CveId":"981","Ordinal":"2","NoteData":"2002-06-25","Type":"Other","Title":"Published"},{"CveYear":"2001","CveId":"981","Ordinal":"3","NoteData":"2002-06-15","Type":"Other","Title":"Modified"}]}}}