Executive Summary

Informations
Name CVE-2001-1211 First vendor Publication 2001-12-31
Vendor Cve Last vendor Modification 2024-11-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1211

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8

Open Source Vulnerability Database (OSVDB)

Id Description
10852 Ipswitch IMail aliasadmin Arbitrary Mail List/User Modification

Ipswitch IMail aliasadmin contains a flaw that may allow a malicious user to gain administrative access to other domains hosted on the same server. The issue is triggered after the attacker has successfully authenticated to an administrative account on the vulnerable server. After they are authenticated, they may access any other domain hosted on the server, as the program only checks whether a given user is an administrator, and not specifically the administrator of the domain in question, before granting access. This may result in a loss of confidentiality, and integrity.
10851 Ipswitch IMail listadm1 Arbitrary Mail List/User Modification

Ipswitch IMail contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker gain administrator access to one domain, allowing a remote attacker to gain control of other domains and edit the info or delete it.

Sources (Detail)

http://support.ipswitch.com/kb/IM-20011219-DM01.htm
http://support.ipswitch.com/kb/IM-20020301-DM02.htm
http://www.iss.net/security_center/static/7752.php
http://www.securityfocus.com/archive/1/247786
http://www.securityfocus.com/bid/3766
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2024-11-28 23:24:02
  • Multiple Updates
2024-11-28 12:04:46
  • Multiple Updates
2021-05-04 12:01:31
  • Multiple Updates
2021-04-22 01:01:39
  • Multiple Updates
2020-05-23 00:14:47
  • Multiple Updates
2013-05-11 12:06:32
  • Multiple Updates