CVE-2011-5078
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499.
La interfaz de administración Web en el servidor Sybase M-Business Anywhere v6.7 antes de ESD#3 y v7.0 antes de ESD#7 no requiere autenticación de administrador, lo que permite listar o eliminar cuentas de usuario, modificar las contraseñas o leer los archivos de registro a usuarios remotos autenticados a través de peticiones HTTP. Se trata de un problema explicados con los Bugs ID 678497 y 678499.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-02-08 CVE Reserved
- 2012-02-08 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.verisigninc.com/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=952 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.sybase.com/detail?id=1095200 | 2012-02-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sybase Search vendor "Sybase" | M-business Anywhere Search vendor "Sybase" for product "M-business Anywhere" | 6.7 Search vendor "Sybase" for product "M-business Anywhere" and version "6.7" | - |
Affected
| ||||||
| Sybase Search vendor "Sybase" | M-business Anywhere Search vendor "Sybase" for product "M-business Anywhere" | 7.0 Search vendor "Sybase" for product "M-business Anywhere" and version "7.0" | - |
Affected
| ||||||