{"api_version":"1","generated_at":"2026-04-23T08:03:25+00:00","cve":"CVE-2002-2043","urls":{"html":"https://cve.report/CVE-2002-2043","api":"https://cve.report/api/cve/CVE-2002-2043.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-2043","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-2043"},"summary":{"title":"CVE-2002-2043","description":"SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html","name":"http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.iss.net/security_center/static/8748.php","name":"http://www.iss.net/security_center/static/8748.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"ISS X-Force Database: cyrus-sasl-patch-pop-access (8748): Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/4409","name":"http://www.securityfocus.com/bid/4409","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-2043","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2043","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"2043","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cyrus","cpe5":"sasl","cpe6":"1.5.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"2043","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cyrus","cpe5":"sasl","cpe6":"1.5.27","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2002-2043","organization":"Red Hat","lastmodified":"2006-08-30","contributor":"Mark J Cox","statementText":"Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.","cve_year":"2002","cve_id":"2043","crc32":"ade2e8e7"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:51:17.526Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"4409","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/4409"},{"name":"cyrus-sasl-patch-pop-access(8748)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/8748.php"},{"name":"20020402 SASL (v1/v2) MYSQL/LDAP authentication patch.","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2005-07-14T04:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"4409","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/4409"},{"name":"cyrus-sasl-patch-pop-access(8748)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/8748.php"},{"name":"20020402 SASL (v1/v2) MYSQL/LDAP authentication patch.","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-2043","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"4409","refsource":"BID","url":"http://www.securityfocus.com/bid/4409"},{"name":"cyrus-sasl-patch-pop-access(8748)","refsource":"XF","url":"http://www.iss.net/security_center/static/8748.php"},{"name":"20020402 SASL (v1/v2) MYSQL/LDAP authentication patch.","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2002-04/0020.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-2043","datePublished":"2005-07-14T04:00:00.000Z","dateReserved":"2005-07-14T00:00:00.000Z","dateUpdated":"2024-09-17T00:31:55.073Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cyrus:sasl:1.5.24:*:*:*:*:*:*:*","matchCriteriaId":"F5B837A3-E1D7-469D-9A2C-1648DB869524"},{"vulnerable":true,"criteria":"cpe:2.3:a:cyrus:sasl:1.5.27:*:*:*:*:*:*:*","matchCriteriaId":"6D5319DC-7C56-4661-83A6-6F226DD6804F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"2043","Ordinal":"1","Title":"CVE-2002-2043","CVE":"CVE-2002-2043","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"2043","Ordinal":"1","NoteData":"SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.","Type":"Description","Title":"CVE-2002-2043"},{"CveYear":"2002","CveId":"2043","Ordinal":"2","NoteData":"2005-07-14","Type":"Other","Title":"Published"}]}}}