6.4
CVE-2007-2590
- EPSS 1.54%
- Veröffentlicht 11.05.2007 04:20:00
- Zuletzt bearbeitet 16.06.2026 22:39:53
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nokia ≫ Intellisync Mobile Suite Version6.4.31.2
Nokia ≫ Intellisync Mobile Suite Version6.6.0.107
Nokia ≫ Intellisync Mobile Suite Version6.6.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.54% | 0.717 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/25212
http://www.sec-consult.com/289.html
http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.vupen.com/english/advisories/2007/1727
http://osvdb.org/34514
http://securityreason.com/securityalert/2689