Lucene search

[email protected]CVE-2005-0685

HistoryMar 08, 2005 - 5:00 a.m.

CVE-2005-0685

2005-03-0805:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-0685

access validation errors

outstart participate enterprise

remote attackers

unauthorized activities

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.

CPENameOperatorVersion
outstart:participate_enterpriseoutstart participate enterpriseeq3

CPE	Name	Operator	Version
outstart:participate_enterprise	outstart participate enterprise	eq	3

References

secunia.com/advisories/14542

security.honour.ca/outstartpsi.txt

www.securityfocus.com/archive/1/392623

www.securityfocus.com/bid/12752

exchange.xforce.ibmcloud.com/vulnerabilities/19632

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON