VULHUB ™

Rapid 7 Advisory R7-0005 - Granite Software ZMerge Administration Database Has Insecure Default ACLs. In the default configuration, the ZMerge administration database grants Manager access to all users (including anonymous web users). If the administrator neglects to change the database ACLs to something more appropriate, an unauthorized user could modify the data import/export scripts which might then be run by an administrator or scheduled agent.

Rapid 7 Advisory R7-0005 - Granite Software ZMerge Administration Database Has Insecure Default ACLs. In the default configuration, the ZMerge administration database grants Manager access to all users (including anonymous web users). If the administrator neglects to change the database ACLs to something more appropriate, an unauthorized user could modify the data import/export scripts which might then be run by an administrator or scheduled agent.