7.5
CVE-2006-4954
- EPSS 7.78%
- Veröffentlicht 23.09.2006 10:07:00
- Zuletzt bearbeitet 16.06.2026 22:30:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Neosys ≫ Neon Webmail Version5.06 Editionjava
Neosys ≫ Neon Webmail Version5.07 Editionjava
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.78% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/22029
http://vuln.sg/neonmail506-en.html
http://www.securityfocus.com/bid/20109
http://www.securityfocus.com/bid/84203
https://exchange.xforce.ibmcloud.com/vulnerabilities/29089