Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2563

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2004-2563
Last Modified 05 Sep 2008 04:44:29
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2563

Summary

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

Vulnerable Systems

Application

  • Serena Software Serena Teamtrack 6.1.1


References

XF - teamtrack-loginpage-information-disclosure(16777)

XF - teamtrack-tmtrackdll-xss(16771)

BID - 10770

MISC - http://www.securiteam.com/windowsntfocus/5SP0O0ADGG.html

OSVDB - 8185

OSVDB - 8183

OSVDB - 8182

SECUNIA - 12122


Last Updated: 27 May 2016 10:39:32