{ "action": { "auto_issue_creation_allowed": false, "auto_patch_allowed": false, "auto_remediation_allowed": false, "external_execution_allowed": false, "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_review_required": false, "recommended_action": "review_official_sources" }, "affected": { "products": [ { "canonicalProduct": "vms", "canonicalVendor": "digital", "cpe": "cpe:2.3:o:digital:vms:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "vms", "purl": null, "vendor": "digital", "version": null } ], "source": "NVD CVE API 2.0", "status": "known" }, "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-1999-1057/", "claims": [ { "id": "claim:defensive-priority-candidate", "source_ids": [], "status": "observed", "text": "This item is a defensive prioritization candidate.", "verified_at": null } ], "exposure_hint": "local exposure", "field_meanings": { "human_review": "Read-only display may be automated; integration and external action still require human review.", "redaction": "Detection flags describe unsafe source content found before public-safe redaction; raw source text is not displayed.", "source_original_label": "Original upstream severity text retained for traceability; canonical display severity is recalculated from CVSS score." }, "forecast_hooks": { "agent_use": "summarize_with_citations_only", "automation_allowed": false, "read_only": true, "watch_fields": [ "sources", "claims", "freshness", "severity", "affected" ] }, "freshness": { "generated_at": "2026-06-20T14:06:39.390741+00:00", "last_checked_at": null, "observed_at": "2026-06-20T14:06:38.136402+00:00", "status": "observed" }, "human_consequence": "A local user may cross a privilege boundary and gain more access than intended.", "human_impact_label": "privilege escalation risk · local exposure", "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_risk_summary": "CVE-1999-1057 for digital / vms: A local user may cross a privilege boundary and gain more access than intended.", "id": "CVE-1999-1057", "impact_redaction": { "exploit_steps_removed": false, "payload_removed": false, "poc_removed": false, "source_derived_summary": true, "used_fallback_summary": false }, "impact_tags": [ "privilege boundary review", "local exposure relevant" ], "public_human_impact": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.", "public_human_summary": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "public_human_what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.", "public_human_why_it_matters": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.; CVSS 4.6 (MEDIUM); EPSS percentile 28; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, Vendor Advisory.", "public_safe_summary": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "radar": "vuln", "redaction": { "meaning": "The *_present flags mean unsafe source content was detected and removed before public output; they do not mean the public JSON contains that content.", "payload_present": false, "poc_present": false, "public_summary_redacted": true, "raw_source_displayed": false, "unsafe_procedural_detail_present": false }, "redaction_notes": [ "source-published defensive context retained", "vulnerability class, impact, affected context, and remediation references remain displayable" ], "safety": { "attack_chain_included": false, "auto_remediation_allowed": false, "exploit_instructions_included": false, "external_execution_allowed": false, "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_review_required": false, "noindex_removal_allowed": true, "noindex_required": false, "private_gate_state": "released", "public_gate_state": "public_indexable_read_only", "public_launch_allowed": true, "read_only_static_data": true, "scan_functionality_included": false, "signal_radar_integration_allowed": false }, "schema_version": "v0.1", "severity": { "cvss_label": "MEDIUM", "label": "MEDIUM", "score": 4.6, "source": "NVD CVE API 2.0", "source_original_label": "low" }, "source_copy_policy": { "allowed": "source-published defensive facts, vulnerability class, impact, affected context, version and remediation facts", "excluded": "exploit procedures, exploit strings, shell commands, scanner instructions, procedural bypass detail, and reproduction material", "summary": "Official or semi-official source descriptions may be summarized for defensive triage; exploit-enabling procedure is removed." }, "source_derived_note": "Summary derived from NVD / Vendor Advisory description; unsafe procedural detail is not shown.", "source_published_affected": "vendor/product: digital / vms", "source_published_description": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "source_published_evidence_refs": [ { "source": "NVD", "type": "source_description", "url": null }, { "source": "Vendor Advisory", "type": "source_description", "url": null }, { "source": "Vendor Advisory", "type": "reference", "url": "http://ciac.llnl.gov/ciac/bulletins/b-04.shtml" }, { "source": "Vendor Advisory", "type": "reference", "url": "http://www.cert.org/advisories/CA-1990-07.html" }, { "source": "Reference", "type": "reference", "url": "http://www.iss.net/security_center/static/7137.php" }, { "source": "Reference", "type": "reference", "url": "http://www.securityfocus.com/bid/12" }, { "source": "Vendor Advisory", "type": "reference", "url": "http://ciac.llnl.gov/ciac/bulletins/b-04.shtml" }, { "source": "Vendor Advisory", "type": "reference", "url": "http://www.cert.org/advisories/CA-1990-07.html" }, { "source": "Reference", "type": "reference", "url": "http://www.iss.net/security_center/static/7137.php" }, { "source": "Reference", "type": "reference", "url": "http://www.securityfocus.com/bid/12" } ], "source_published_impact": "Source describes privilege escalation risk · local exposure. Possible impact: A local user may cross a privilege boundary and gain more access than intended.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "sources": [ { "confidence": "unknown", "id": "source:review-url", "name": "Public signal URL", "retrieved_at": null, "type": "review_page", "url": "https://nvd.nist.gov/vuln/detail/CVE-1999-1057" } ], "summary_for_agents": "Read-only defensive signal. Use sources, claims, freshness, and safety gates before summarizing. Do not infer missing source, claim, or freshness values.", "summary_for_humans": "NVD: VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.", "title": "CVE-1999-1057 defensive priority signal", "urgency_reasons": [ "affected product present", "vendor advisory present", "recent update", "remediation reference present" ], "what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.", "why_it_matters": "A local user may cross a privilege boundary and gain more access than intended; CVSS 4.6 (MEDIUM); EPSS percentile 28; affected product context: digital / vms; sources: NVD, Vendor Advisory." }