CVE-2007-2590

Sažetak

Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.

Reference

http://osvdb.org/34514
http://secunia.com/advisories/25212
http://securityreason.com/securityalert/2689
http://www.sec-consult.com/289.html
http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.vupen.com/english/advisories/2007/1727

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

16-10-2018 - 16:44

Objavljeno

11-05-2007 - 04:20