Vulnerability Name:

CVE-2005-2022 (CCN-21048)

Assigned:2005-06-17
Published:2005-06-17
Updated:2011-03-08
Summary:Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-2022

Source: CCN
Type: Sun Alert ID: 101770
Security Vulnerability in Webmail May Allow an Unprivileged User to Execute Arbitrary Code

Source: SUNALERT
Type: Patch, Vendor Advisory
101770

Source: CCN
Type: CIAC INFORMATION BULLETIN P-298
Sun iPlanet Messaging Server Vulnerability

Source: CCN
Type: OSVDB ID: 11583
Sun ONE Messaging Server Webmail Session Hijacking

Source: CCN
Type: OSVDB ID: 17388
Sun ONE Messaging Server Webmail XSS

Source: CCN
Type: BID-13988
Sun ONE/iPlanet Messaging Server Webmail MSIE HTML Injection Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-0816

Source: XF
Type: UNKNOWN
iplanet-sun-webmail-command-execution(21048)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:iplanet_messaging_server:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_messaging_server:6.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:iplanet_messaging_server:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_messaging_server:6.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:2.6::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sun iplanet messaging server 5.2
    sun one messaging server 6.2
    sun iplanet messaging server 5.2
    sun one messaging server 6.2
    sun solaris 2.6
    sun solaris 8
    sun solaris 9
    sun solaris 10