Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
AnalysisAI
Authentication bypass in Borg SPM 2007 allows remote unauthenticated attackers to impersonate any user and gain complete system access without credentials. This discontinued product (sales ended 2008) presents maximum network exposure (CVSS:4.0 9.3, AV:N/AC:L/PR:N) with trivial exploitation conditions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions-remote unauthenticated exploitation against default configurations of Borg SPM 2007. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 9.3 reflects maximum network exploitability (AV:N/AC:L/PR:N/UI:N) with high confidentiality, integrity, and availability impact on the vulnerable system. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker identifies an internet-facing Borg SPM 2007 instance through banner grabbing or web application fingerprinting. The attacker crafts HTTP requests that bypass authentication checks entirely, gaining immediate access to the application as an administrative or privileged user without providing any credentials. … |
| Remediation | No vendor-released patch exists or will be developed for this end-of-life product discontinued in 2008. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct inventory scan to identify any Borg SPM 2007 instances on the network and document business justification for continued operation. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Borg Spm 2007
View allRemote code execution in Borg SPM 2007 allows unauthenticated attackers to upload and execute web shell backdoors via un
SQL injection in Borg SPM 2007 allows unauthenticated remote attackers to execute arbitrary SQL commands via network req
Same weakness CWE-1390 – Weak Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25211
GHSA-qxgc-wc3f-24c9