Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3717

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3717
Last Modified 05 Sep 2008 05:43:44
Published 19 Aug 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3717

Summary

Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.

Vulnerable Systems

Application

  • Harmoni 0.0.2

  • Harmoni 0.0.3

  • Harmoni 0.0.4

  • Harmoni 0.0.5

  • Harmoni 0.1.0

  • Harmoni 0.10.1

  • Harmoni 0.11.0

  • Harmoni 0.12.0

  • Harmoni 0.12.1

  • Harmoni 0.12.3

  • Harmoni 0.13.0

  • Harmoni 0.13.1

  • Harmoni 0.13.2

  • Harmoni 0.13.3

  • Harmoni 0.13.4

  • Harmoni 0.13.5

  • Harmoni 0.13.6

  • Harmoni 0.13.7

  • Harmoni 0.2.0

  • Harmoni 0.3.0

  • Harmoni 0.3.1

  • Harmoni 0.3.2

  • Harmoni 0.5.1

  • Harmoni 0.6.0

  • Harmoni 0.6.2

  • Harmoni 0.7.0

  • Harmoni 0.7.1

  • Harmoni 0.7.2

  • Harmoni 0.7.6

  • Harmoni 0.7.7

  • Harmoni 0.9.0

  • Harmoni 1.0.0

  • Harmoni 1.0.1

  • Harmoni 1.0.2

  • Harmoni 1.0.3

  • Harmoni 1.0.5

  • Harmoni 1.0.6

  • Harmoni 1.1.0

  • Harmoni 1.3.0

  • Harmoni 1.3.2

  • Harmoni 1.3.4

  • Harmoni 1.3.5

  • Harmoni 1.4.2

  • Harmoni 1.4.6

  • Harmoni 1.4.7


References

XF - harmoni-security-bypass(44485)

BID - 30706

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=2040324&group_id=82171&atid=1098812

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=619864

SECUNIA - 31503


Last Updated: 27 May 2016 10:48:16