CVE-2006-4954

Опубликовано: 23 сент. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.

Ссылки

http://secunia.com/advisories/22029
Patch
Vendor Advisory
http://vuln.sg/neonmail506-en.html
Exploit
Patch
http://www.securityfocus.com/bid/20109
Exploit
Patch
http://www.securityfocus.com/bid/84203
https://exchange.xforce.ibmcloud.com/vulnerabilities/29089
http://secunia.com/advisories/22029
Patch
Vendor Advisory
http://vuln.sg/neonmail506-en.html
Exploit
Patch
http://www.securityfocus.com/bid/20109
Exploit
Patch
http://www.securityfocus.com/bid/84203
https://exchange.xforce.ibmcloud.com/vulnerabilities/29089

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:neosys:neon_webmail:5.06:*:java:*:*:*:*:*

cpe:2.3:a:neosys:neon_webmail:5.07:*:java:*:*:*:*:*

EPSS

Процентиль: 92%

0.07531

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-6mc6-x498-8q9c

github

почти 4 года назад