VAR-200112-0166
Vulnerability from variot - Updated: 2023-12-18 13:35Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. IMail also includes support for multiple domains, and web based administration. It runs on Microsoft Windows platforms. There is a vulnerability with the authentication process for this web administration tool. Any valid administrator account may make changes to any domain on the server. IPSwitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. User aliases and mailing lists for
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200112-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "7.0.1"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.4"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.3"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.2"
},
{
"model": "imail",
"scope": "eq",
"trust": 1.9,
"vendor": "ipswitch",
"version": "6.1"
}
],
"sources": [
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipswitch:imail:7.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1211"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zeeshan Mustafa\u203b security@zeeshan.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
},
"cve": "CVE-2001-1211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4016",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1211",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200112-158",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols such as SMTP, POP3, IMAP4, and LDAP etc. IMail also includes support for multiple domains, and web based administration. It runs on Microsoft Windows platforms. \nThere is a vulnerability with the authentication process for this web administration tool. Any valid administrator account may make changes to any domain on the server. IPSwitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. User aliases and mailing lists for ",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "VULHUB",
"id": "VHN-4016"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3766",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-1211",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158",
"trust": 0.7
},
{
"db": "XF",
"id": "7752",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20011231 IMAIL WEB SERVICE USER ALIASES / MAILING LISTS ADMIN VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"id": "VAR-200112-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:54.226000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3766"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/247786"
},
{
"trust": 1.7,
"url": "http://support.ipswitch.com/kb/im-20011219-dm01.htm"
},
{
"trust": 1.7,
"url": "http://support.ipswitch.com/kb/im-20020301-dm02.htm"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/7752.php"
},
{
"trust": 0.3,
"url": "http://www.ipswitch.com/products/imail_server/index.asp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4016"
},
{
"db": "BID",
"id": "3766"
},
{
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-4016"
},
{
"date": "2001-12-31T00:00:00",
"db": "BID",
"id": "3766"
},
{
"date": "2001-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"date": "2001-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-4016"
},
{
"date": "2009-07-11T09:56:00",
"db": "BID",
"id": "3766"
},
{
"date": "2008-09-05T20:25:58.093000",
"db": "NVD",
"id": "CVE-2001-1211"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ipswitch IMail Domain Management Authority Boost Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-158"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…