Lucene search

[email protected]CVE-2004-1661

HistorySep 02, 2004 - 4:00 a.m.

CVE-2004-1661

2004-09-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

mailworks professional

remote attackers

authentication bypass

privilege escalation

cookie vulnerability

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.2%

JSON

MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains “auth=1” and “uId=1.”

CPENameOperatorVersion
sitecubed:mailworks_professionalsitecubed mailworks professionaleq*

CPE	Name	Operator	Version
sitecubed:mailworks_professional	sitecubed mailworks professional	eq	*

References

marc.info/?l=bugtraq&m=109416709710447&w=2

secunia.com/advisories/12458

www.securityfocus.com/bid/11095

exchange.xforce.ibmcloud.com/vulnerabilities/17217

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.2%

JSON