Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1211

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1211
Last Modified 05 Sep 2008 04:25:58
Published 31 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1211

Summary

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.

Vulnerable Systems

Application

  • Ipswitch Imail 6.1

  • Ipswitch Imail 6.2

  • Ipswitch Imail 6.3

  • Ipswitch Imail 6.4

  • Ipswitch Imail 7.0.1

  • Ipswitch Imail 7.0.2

  • Ipswitch Imail 7.0.3

  • Ipswitch Imail 7.0.4


References

BID - 3766

BUGTRAQ - 20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability

XF - imail-admin-domain-change(7752)

MISC - http://support.ipswitch.com/kb/IM-20020301-DM02.htm

MISC - http://support.ipswitch.com/kb/IM-20011219-DM01.htm


Last Updated: 27 May 2016 10:36:34