CVE-2012-4669

EPSS 0.26%
Veröffentlicht 25.08.2012 16:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Isode ≫ M-link Version14.6

Isode ≫ M-link Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.46

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://xmpp.org/resources/security-notices/server-dialback/

http://isode.com/company/wordpress/xmpp-server-dialback/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-4669

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4669

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4669

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-4669