Lucene search

[email protected]NVD:CVE-2011-5078

HistoryFeb 08, 2012 - 9:55 p.m.

CVE-2011-5078

2012-02-0821:55:01

CWE-264

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499.

Affected configurations

NVD

Node

sybasem-business_anywhereMatch6.7

sybasem-business_anywhereMatch7.0

References

www.sybase.com/detail?id=1095200

www.verisigninc.com/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=952

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

Related for NVD:CVE-2011-5078

cvelist1 prion1 cve1