Lucene search

[email protected]CVE-2004-2563

HistoryNov 22, 2005 - 2:00 a.m.

CVE-2004-2563

2005-11-2202:00:00

[email protected]

web.nvd.nist.gov

serena teamtrack

remote attacks

information disclosure

xss

security vulnerability

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

Affected configurations

NVD

Node

serena_softwareserena_teamtrackMatch6.1.1

CPENameOperatorVersion
serena_software:serena_teamtrackserena software serena teamtrackeq6.1.1

CPE	Name	Operator	Version
serena_software:serena_teamtrack	serena software serena teamtrack	eq	6.1.1

References

secunia.com/advisories/12122

www.osvdb.org/8182

www.osvdb.org/8183

www.osvdb.org/8185

www.securiteam.com/windowsntfocus/5SP0O0ADGG.html

www.securityfocus.com/bid/10770

exchange.xforce.ibmcloud.com/vulnerabilities/16771

exchange.xforce.ibmcloud.com/vulnerabilities/16777

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2004-2563

cvelist1 nvd1