Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2004-1611
Last Modified 05 Sep 2008 04:41:52
Published 18 Oct 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-1611

Summary

SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.

Vulnerable Systems

Application

  • Best Software Saleslogix

  • Saleslogix Corporation Saleslogix 2000.0


References

XF - saleslogix-getconnection-account-disclosure(17754)

BID - 11450

SECUNIA - 12883

BUGTRAQ - 20041018 Multiple vulnerabilities in Sage Saleslogix

OSVDB - 10948

OSVDB - 10947

SECTRACK - 1011769


Last Updated: 27 May 2016 10:39:06