Lucene search
MitreCVE-2006-6964HistoryJan 29, 2007 - 4:28 p.m.
CVE-2006-6964
2007-01-2916:28:00
mitre
web.nvd.nist.gov
29
mailenable
professional
cve-2006-6964
password security
remote authentication
html source
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.002
Percentile
58.3%
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user’s settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
Affected configurations
Node
mailenablemailenable_professionalMatch1.7
ORmailenablemailenable_professionalMatch1.71
ORmailenablemailenable_professionalMatch1.72
ORmailenablemailenable_professionalMatch1.73
ORmailenablemailenable_professionalMatch1.74
ORmailenablemailenable_professionalMatch1.75
ORmailenablemailenable_professionalMatch1.76
ORmailenablemailenable_professionalMatch1.77
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mailenable | mailenable_professional | 1.7 | cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.71 | cpe:2.3:a:mailenable:mailenable_professional:1.71:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.72 | cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.73 | cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.74 | cpe:2.3:a:mailenable:mailenable_professional:1.74:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.75 | cpe:2.3:a:mailenable:mailenable_professional:1.75:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.76 | cpe:2.3:a:mailenable:mailenable_professional:1.76:*:*:*:*:*:*:* |
| mailenable | mailenable_professional | 1.77 | cpe:2.3:a:mailenable:mailenable_professional:1.77:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2006-6964
2007-01-29 16:00:00
nvd
nvd
CVE-2006-6964
2007-01-29 16:28:00
securityvulns
securityvulns
Multiple MailEnable vulnerabilities
2006-03-21 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.002
Percentile
58.3%
Related for CVE-2006-6964