CVE-2012-3821 - A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterpris

CVE-2012-3821

Summary

A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.

References

http://archives.neohapsis.com/archives/bugtraq/2012-10/0103.html
http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79508
https://www.securityfocus.com/archive/1/524462
https://www.securityfocus.com/bid/56117/info

Vulnerable Configurations

cpe:2.3:a:arialsoftware:campaign_enterprise:11.0.551:*:*:*:*:*:*:*
cpe:2.3:a:arialsoftware:campaign_enterprise:11.0.551:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 22-01-2020 - 18:56)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

refmap via4

misc

http://archives.neohapsis.com/archives/bugtraq/2012-10/0103.html
http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79508
https://www.securityfocus.com/archive/1/524462
https://www.securityfocus.com/bid/56117/info

Last major update

22-01-2020 - 18:56

Published

10-01-2020 - 20:15

Last modified

22-01-2020 - 18:56