CVE

CVE-2007-6319

Severity:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
19/02/2008
Last modified:
15/10/2018

Description

Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."

Impact

Vector 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 10.00 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0
10.00
Severity 2.0
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:lyris:list_manager:8.95:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.95a:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.95b:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.95c:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:9.2:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:9.2a:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:9.2b:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:9.3:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:9.3a:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools