CVE-2005-0811 - The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been di

CVE-2005-0811

Summary

The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.

References

http://secunia.com/advisories/14617
http://www.kb.cert.org/vuls/id/131828
http://www.securityfocus.com/bid/12843

Vulnerable Configurations

cpe:2.3:a:notify_technology:notifylink:enterprise_server:*:*:*:*:*:*:*
cpe:2.3:a:notify_technology:notifylink:enterprise_server:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 05-09-2008 - 20:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	12843
cert-vn	VU#131828
secunia	14617

Last major update

05-09-2008 - 20:47

Published

02-05-2005 - 04:00

Last modified

05-09-2008 - 20:47