Lucene search

MitreCVE-2008-3082

HistoryJul 09, 2008 - 12:41 a.m.

CVE-2008-3082

2008-07-0900:41:00

CWE-79

mitre

web.nvd.nist.gov

cve-2008-3082

cross-site scripting

xss

upm

commtouch enterprise anti-spam gateway

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.

Affected configurations

Nvd

Node

commtouchenterprise_anti-spam_gatewayMatch4

commtouchenterprise_anti-spam_gatewayMatch5

VendorProductVersionCPE
commtouchenterprise_anti-spam_gateway4cpe:2.3:a:commtouch:enterprise_anti-spam_gateway:4:*:*:*:*:*:*:*
commtouchenterprise_anti-spam_gateway5cpe:2.3:a:commtouch:enterprise_anti-spam_gateway:5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
commtouch	enterprise_anti-spam_gateway	4	cpe:2.3:a:commtouch:enterprise_anti-spam_gateway:4:::::::*
commtouch	enterprise_anti-spam_gateway	5	cpe:2.3:a:commtouch:enterprise_anti-spam_gateway:5:::::::*

References

blog.commtouch.com/cafe/email-security-news/vulnerability-in-commtouch-gateway-not-anymore/

lists.grok.org.uk/pipermail/full-disclosure/2008-June/062955.html

secunia.com/advisories/30876

www.securityfocus.com/bid/29957

exchange.xforce.ibmcloud.com/vulnerabilities/43442

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2008-3082