{"api_version":"1","generated_at":"2026-04-23T09:38:35+00:00","cve":"CVE-2007-6334","urls":{"html":"https://cve.report/CVE-2007-6334","api":"https://cve.report/api/cve/CVE-2007-6334.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6334","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6334"},"summary":{"title":"CVE-2007-6334","description":"Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-12-20 23:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/26959","name":"http://www.securityfocus.com/bid/26959","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Ingres Flawed In User Authentication Unauthorized Access Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/4304","name":"http://www.vupen.com/english/advisories/2007/4304","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp","name":"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/485448/100/0/threaded","name":"http://www.securityfocus.com/archive/1/485448/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4303","name":"http://www.vupen.com/english/advisories/2007/4303","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ingres.com/support/security-alertDec17.php","name":"http://www.ingres.com/support/security-alertDec17.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ingres Enterprise Relational Database Management System | Actian","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019134","name":"http://www.securitytracker.com/id?1019134","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ingres Database Grants Remote Users Access to the Database with the Incorrect Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/39358","name":"http://www.osvdb.org/39358","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/28183","name":"http://secunia.com/advisories/28183","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"CA Products Ingres User Authentication Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/28187","name":"http://secunia.com/advisories/28187","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Ingres User Authentication Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6334","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6334","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6334","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ingres","cpe5":"ingres","cpe6":"2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6334","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ingres","cpe5":"ingres","cpe6":"2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6334","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_nt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:02:36.365Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2007-4303","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/4303"},{"name":"1019134","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019134"},{"name":"39358","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/39358"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.ingres.com/support/security-alertDec17.php"},{"name":"28187","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28187"},{"name":"26959","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/26959"},{"name":"28183","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28183"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"},{"name":"ADV-2007-4304","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/4304"},{"name":"20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/485448/100/0/threaded"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-12-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ADV-2007-4303","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/4303"},{"name":"1019134","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019134"},{"name":"39358","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/39358"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.ingres.com/support/security-alertDec17.php"},{"name":"28187","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28187"},{"name":"26959","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/26959"},{"name":"28183","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28183"},{"tags":["x_refsource_CONFIRM"],"url":"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"},{"name":"ADV-2007-4304","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/4304"},{"name":"20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/485448/100/0/threaded"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6334","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2007-4303","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4303"},{"name":"1019134","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019134"},{"name":"39358","refsource":"OSVDB","url":"http://www.osvdb.org/39358"},{"name":"http://www.ingres.com/support/security-alertDec17.php","refsource":"CONFIRM","url":"http://www.ingres.com/support/security-alertDec17.php"},{"name":"28187","refsource":"SECUNIA","url":"http://secunia.com/advisories/28187"},{"name":"26959","refsource":"BID","url":"http://www.securityfocus.com/bid/26959"},{"name":"28183","refsource":"SECUNIA","url":"http://secunia.com/advisories/28183"},{"name":"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp","refsource":"CONFIRM","url":"http://supportconnectw.ca.com/public/ingres/infodocs/ingresmswin-secnot.asp"},{"name":"ADV-2007-4304","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4304"},{"name":"20071221 [CAID 35970]: CA Products That Embed Ingres Authentication Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/485448/100/0/threaded"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6334","datePublished":"2007-12-20T23:00:00.000Z","dateReserved":"2007-12-13T00:00:00.000Z","dateUpdated":"2024-08-07T16:02:36.365Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-12-20 23:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*","matchCriteriaId":"ED27882B-A02A-4D5F-9117-A47976C676E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ingres:ingres:2.5:*:*:*:*:*:*:*","matchCriteriaId":"43A75B42-4739-4E98-A6B9-704B51BD59EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCE11A92-56B9-43A2-9E3D-D511AE713F45"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6334","Ordinal":"1","Title":"CVE-2007-6334","CVE":"CVE-2007-6334","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6334","Ordinal":"1","NoteData":"Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.","Type":"Description","Title":"CVE-2007-6334"},{"CveYear":"2007","CveId":"6334","Ordinal":"2","NoteData":"2007-12-20","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6334","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}