Lucene search

[email protected]CVE-2007-1249

HistoryMar 03, 2007 - 8:19 p.m.

CVE-2007-1249

2007-03-0320:19:00

CWE-362

[email protected]

web.nvd.nist.gov

cve

2007

1249

c1 financial services

contelligent

security configuration

remote attackers

write permissions

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check “the additional environment security configuration,” which allows remote attackers with write permissions to reorder components.

Affected configurations

NVD

Node

contelligentc1_financial_servicesMatch9.1.4

CPENameOperatorVersion
contelligent:c1_financial_servicescontelligent c1 financial serviceseq9.1.4

CPE	Name	Operator	Version
contelligent:c1_financial_services	contelligent c1 financial services	eq	9.1.4

References

osvdb.org/33497

secunia.com/advisories/24364

www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4

www.securityfocus.com/bid/22785

www.vupen.com/english/advisories/2007/0814

exchange.xforce.ibmcloud.com/vulnerabilities/32775

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2007-1249

nvd1 prion1 cvelist1 securityvulns1