Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7100

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-7100
Last Modified 28 Aug 2009 12:00:00
Published 27 Aug 2009 04:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-7100

Summary

Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."

Vulnerable Systems

Application

  • Dotnetnuke 4.4.1

  • Dotnetnuke 4.5.2

  • Dotnetnuke 4.5.4

  • Dotnetnuke 4.5.5

  • Dotnetnuke 4.6.0

  • Dotnetnuke 4.6.1

  • Dotnetnuke 4.6.2

  • Dotnetnuke 4.7.0

  • Dotnetnuke 4.8.0

  • Dotnetnuke 4.8.1

  • Dotnetnuke 4.8.2

  • Dotnetnuke 4.8.3

  • Dotnetnuke 4.8.4


References

BID - 31145

CONFIRM - http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx

XF - dotnetnuke-identity-auth-bypass(45081)

SECUNIA - 31893

OSVDB - 48343


Last Updated: 27 May 2016 10:49:28