Lucene search

[email protected]CVE-2011-5078

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-5078

2022-10-0316:15:12

CWE-264

[email protected]

web.nvd.nist.gov

sybase

m-business anywhere

cve-2011-5078

web administration

vulnerability

authentication

remote access

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

JSON

The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499.

Affected configurations

NVD

Node

sybasem-business_anywhereMatch6.7

sybasem-business_anywhereMatch7.0

CPENameOperatorVersion
sybase:m-business_anywheresybase m-business anywhereeq6.7
sybase:m-business_anywheresybase m-business anywhereeq7.0

CPE	Name	Operator	Version
sybase:m-business_anywhere	sybase m-business anywhere	eq	6.7
sybase:m-business_anywhere	sybase m-business anywhere	eq	7.0

References

www.sybase.com/detail?id=1095200

www.verisigninc.com/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=952

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for CVE-2011-5078

cvelist1 nvd1 prion1