| Vulnerability Name: | CVE-2001-1211 (CCN-7752) | ||||||||
| Assigned: | 2001-12-31 | ||||||||
| Published: | 2001-12-31 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Dec 31 2001 - 16:31:16 CST IMail Web Service User Aliases / Mailing Lists Admin Vulnerability Source: MITRE Type: CNA CVE-2001-1211 Source: MISC Type: UNKNOWN http://support.ipswitch.com/kb/IM-20011219-DM01.htm Source: MISC Type: UNKNOWN http://support.ipswitch.com/kb/IM-20020301-DM02.htm Source: CCN Type: Ipswitch Web site IMail Server Support Center > Patches & Upgrades Source: XF Type: Vendor Advisory imail-admin-domain-change(7752) Source: CCN Type: OSVDB ID: 10851 Ipswitch IMail listadm1 Arbitrary Mail List/User Modification Source: CCN Type: OSVDB ID: 10852 Ipswitch IMail aliasadmin Arbitrary Mail List/User Modification Source: BUGTRAQ Type: Vendor Advisory 20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability Source: BID Type: Vendor Advisory 3766 Source: CCN Type: BID-3766 Ipswitch IMail Domain Administration Privilege Escalation Vulnerability Source: XF Type: UNKNOWN imail-admin-domain-change(7752) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||