Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Apr 16, 2026

CVE-2002-0736

Description

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Affected products

Microsoft/Backoffice2 versions
cpe:2.3:a:microsoft:backoffice:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:backoffice:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:backoffice:4.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.microsoft.com/support/kb/articles/q316/8/38.aspnvdPatchVendor Advisory
www.iss.net/security_center/static/8862.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/4528nvdPatchVendor Advisory
archives.neohapsis.com/archives/bugtraq/2002-04/0208.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000