Unrated severityNVD Advisory· Published May 24, 2007· Updated Apr 23, 2026

CVE-2007-2849

Description

KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.

Affected products

Knowledgetree/Knowledgetree Document Management2 versions
cpe:2.3:a:knowledgetree_document_management:knowledgetree_document_management:3.3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:knowledgetree_document_management:knowledgetree_document_management:3.3.3:*:*:*:*:*:*:*
- (no CPE)range: <3.3.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25360nvdPatchVendor Advisory
sourceforge.net/project/shownotes.phpnvdPatch
osvdb.org/36578nvd
sourceforge.net/forum/forum.phpnvd
www.securityfocus.com/bid/24110nvd
www.vupen.com/english/advisories/2007/1920nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34463nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000