Описание
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
Ссылки
- PatchVendor Advisory
- ExploitVendor Advisory
- PatchVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00622
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
EPSS
Процентиль: 70%
0.00622
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-200