CVE-2001-1281

Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html	Vendor Advisory
http://www.ipswitch.com/Support/IMail/news.html
http://www.securityfocus.com/bid/3429
http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html	Vendor Advisory
http://www.ipswitch.com/Support/IMail/news.html
http://www.securityfocus.com/bid/3429

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ipswitch:imail:6.0.2:::::::*
	cpe:2.3:a:ipswitch:imail:6.0.6:::::::*
	cpe:2.3:a:ipswitch:imail:7.0.4:::::::*

History

20 Nov 2024, 23:37

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html - Vendor Advisory~~	() http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html - Vendor Advisory
References	~~() http://www.ipswitch.com/Support/IMail/news.html -~~	() http://www.ipswitch.com/Support/IMail/news.html -
References	~~() http://www.securityfocus.com/bid/3429 -~~	() http://www.securityfocus.com/bid/3429 -

Information

Published : 2001-10-12 04:00

Updated : 2024-11-20 23:37

NVD link : CVE-2001-1281

Mitre link : CVE-2001-1281

CVE.ORG link : CVE-2001-1281

JSON object : View

Products Affected

ipswitch

imail

CWE

NVD-CWE-Other

{"id": "CVE-2001-1281", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-10-12T04:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ipswitch.com/Support/IMail/news.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/3429", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ipswitch.com/Support/IMail/news.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/3429", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form."}], "lastModified": "2024-11-20T23:37:19.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ipswitch:imail:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56F7C097-B6D9-4C10-BDCD-245E5D387ADA"}, {"criteria": "cpe:2.3:a:ipswitch:imail:6.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B6613A7-3338-451F-876E-C544CCE2C066"}, {"criteria": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84CE3C80-C0D3-4F7C-BF12-10111281DC3D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}