CVE-2007-2590

CVSS V2 Medium 6.4 CVSS V3 None
Description
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
Overview
  • CVE ID
  • CVE-2007-2590
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2007-05-11T04:20:00
  • Last Modified Date
  • 2018-10-16T16:44:40
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 6.4
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 4.9
References
Reference URL Reference Tags
http://www.sec-consult.com/289.html Exploit Vendor Advisory
http://secunia.com/advisories/25212 Patch Vendor Advisory
http://securityreason.com/securityalert/2689
http://www.vupen.com/english/advisories/2007/1727
http://osvdb.org/34514
http://www.securityfocus.com/archive/1/468048/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2007-2590
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2590
History
Created Old Value New Value Data Type Notes
2022-05-10 18:15:17 Added to TrackCVE