ID CVE-2005-0811
Summary The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.
References
Vulnerable Configurations
  • cpe:2.3:a:notify_technology:notifylink:enterprise_server:*:*:*:*:*:*:*
    cpe:2.3:a:notify_technology:notifylink:enterprise_server:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 05-09-2008 - 20:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 12843
cert-vn VU#131828
secunia 14617
Last major update 05-09-2008 - 20:47
Published 02-05-2005 - 04:00
Last modified 05-09-2008 - 20:47
Back to Top