{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "2258", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2258"}, {"name": "23998", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23998"}, {"name": "20070214 Secunia Research: MailEnable Web Mail Client MultipleVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/460063/100/0/threaded"}, {"name": "33191", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33191"}, {"name": "ADV-2007-0595", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0595"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2007-38/advisory/"}, {"name": "22554", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22554"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2007-0652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2258", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2258"}, {"name": "23998", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23998"}, {"name": "20070214 Secunia Research: MailEnable Web Mail Client MultipleVulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/460063/100/0/threaded"}, {"name": "33191", "refsource": "OSVDB", "url": "http://osvdb.org/33191"}, {"name": "ADV-2007-0595", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0595"}, {"name": "http://secunia.com/secunia_research/2007-38/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2007-38/advisory/"}, {"name": "22554", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22554"}]}}}}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2007-0652", "datePublished": "2007-02-15T23:00:00", "dateReserved": "2007-02-01T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.004:*:*:*:*:*:*:*", "matchCriteriaId": "D078B497-4C3C-4246-87C5-58DC5EEED452", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.005:*:*:*:*:*:*:*", "matchCriteriaId": "97DD9EC9-1A27-4A96-95A1-086DEA1E3890", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.006:*:*:*:*:*:*:*", "matchCriteriaId": "193959CF-DAF3-4C62-8DB0-660115E1D41B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.007:*:*:*:*:*:*:*", "matchCriteriaId": "8A827A0E-BDF2-4BAB-9F52-0014FE6E4B70", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.008:*:*:*:*:*:*:*", "matchCriteriaId": "82CF54A9-CF50-4B23-8E3A-AFB08F7F98F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.009:*:*:*:*:*:*:*", "matchCriteriaId": "51BA53BA-CDF5-42EC-8D2B-EC24FDF82931", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.010:*:*:*:*:*:*:*", "matchCriteriaId": "F6B1E90C-AA06-4A89-90B3-0E7140F9B8DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.011:*:*:*:*:*:*:*", "matchCriteriaId": "060D809A-C603-4E06-9F57-3C76FEE6F86D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.012:*:*:*:*:*:*:*", "matchCriteriaId": "D53DE94B-0C32-4DDB-B13B-7B05208477AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.013:*:*:*:*:*:*:*", "matchCriteriaId": "1A5EA901-CD07-464B-8EB0-8F845EDABAA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.014:*:*:*:*:*:*:*", "matchCriteriaId": "92B2611A-D7CF-441A-BA60-F27CF28BEB3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.015:*:*:*:*:*:*:*", "matchCriteriaId": "7139C2FC-4DA3-4193-B130-05524EB97C69", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.016:*:*:*:*:*:*:*", "matchCriteriaId": "C78B7FD6-2433-4EAA-8B3E-0507F81D54FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.0.017:*:*:*:*:*:*:*", "matchCriteriaId": "1B8B058B-F517-46C4-AC05-8EC258E38A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF16E400-930E-4845-BB23-ED1217505302", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CFAF9C8-DB67-446E-B63C-530CB0C170B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.2a:*:*:*:*:*:*:*", "matchCriteriaId": "08F30383-D23F-4CA5-BC02-7716398BC042", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7ADEF40C-4C56-4893-B757-15966ED5A925", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FE40F5BA-6174-4959-BFD1-CCECAB138009", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA6DCAFE-CAC2-4B36-B3E1-FA2B490424EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "430C8E86-F7CA-4217-A3C1-71CBE5CAB825", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "D35AD18C-CA58-4DFC-A60F-49B698607B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "B219EBD1-B0E9-4599-B633-AA4C227E5854", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.15:*:*:*:*:*:*:*", "matchCriteriaId": "81249BA3-3D1D-4388-BE8D-28AB5CA3AFF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "771D029C-9F4A-41F9-8F86-F1B1BD38B329", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "F32956E6-A13B-4663-BBC9-FEB08A1DCC3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.18:*:*:*:*:*:*:*", "matchCriteriaId": "1AABE2F0-FEC1-4BDE-B1C0-92FF2CEA48E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.19:*:*:*:*:*:*:*", "matchCriteriaId": "652F54CA-1CCA-4BC9-8728-A0F6FABF8817", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "269BCB9D-9AEF-40E2-8291-50EC2A083775", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.52:*:*:*:*:*:*:*", "matchCriteriaId": "88435083-D7A8-4679-BEB1-4B6526454C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.53:*:*:*:*:*:*:*", "matchCriteriaId": "145A8B1A-573D-4695-B66A-FF8EA2556DC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.54:*:*:*:*:*:*:*", "matchCriteriaId": "C9572349-9433-415F-B81B-10A1375AF33F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*", "matchCriteriaId": "6F4AADE9-F3FB-4272-8026-58FC677D3F3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*", "matchCriteriaId": "9DD53801-B8F7-4AE8-BA2B-AC6297340CB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*", "matchCriteriaId": "4F785125-F530-4674-B2B3-0D97E8397391", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.83:*:*:*:*:*:*:*", "matchCriteriaId": "5F59A308-7D1A-4C4F-A34C-27FDCF12E3C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*", "matchCriteriaId": "201B610A-DD27-48D2-A3EF-DFEBBDEA04BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.101:*:*:*:*:*:*:*", "matchCriteriaId": "652E1512-B1B1-44B5-93CF-9C526B95BA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.102:*:*:*:*:*:*:*", "matchCriteriaId": "2835FBA2-79E4-4541-913C-21BAD3320D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.103:*:*:*:*:*:*:*", "matchCriteriaId": "CD9449E3-1CEA-40AF-BD00-94B56E38AF5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.104:*:*:*:*:*:*:*", "matchCriteriaId": "39724984-2A10-441F-A103-2DFA693F4F19", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.105:*:*:*:*:*:*:*", "matchCriteriaId": "D01DB7FF-7171-43D2-96F3-E5C0AABA4877", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.106:*:*:*:*:*:*:*", "matchCriteriaId": "77B95FCC-55C7-4B44-B8C7-85792C7E91BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.107:*:*:*:*:*:*:*", "matchCriteriaId": "16E07556-02E5-42FA-9338-3176EB2ED536", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.108:*:*:*:*:*:*:*", "matchCriteriaId": "539C5F71-83FC-455C-8180-72C9F1E2C4A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.109:*:*:*:*:*:*:*", "matchCriteriaId": "C1C4D762-BF84-4734-B9AD-ED9F3FB85D0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "B6B410FC-650E-4E51-8634-D99113E8B1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.111:*:*:*:*:*:*:*", "matchCriteriaId": "45C6B358-93A6-4A9A-B284-9DFA9C981620", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.112:*:*:*:*:*:*:*", "matchCriteriaId": "2638B249-E955-48B3-A309-EF92737E015D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.113:*:*:*:*:*:*:*", "matchCriteriaId": "2F275DA6-7799-4B51-8F9C-DD23E8A3C5AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.114:*:*:*:*:*:*:*", "matchCriteriaId": "4FB961BA-8FAB-4FC5-B582-AF758E7D0E7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.115:*:*:*:*:*:*:*", "matchCriteriaId": "A400F721-435F-4EBA-8BC2-92E4769A35A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.116:*:*:*:*:*:*:*", "matchCriteriaId": "61206A1A-FF1A-4A45-8952-509168BD8495", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4FD7082-AC93-426F-9DA7-50CBFFDAC07A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB0576FE-F0BC-4DA7-B007-7DA49F369700", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B2826B3D-44E0-4D4B-A681-8C3DADF522F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "662AEDE4-698E-4C78-93B4-4B915749DF80", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*", "matchCriteriaId": "87E5107B-BDC2-4972-A3A4-AA6782E46B0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.34:*:*:*:*:*:*:*", "matchCriteriaId": "6739BEA4-C75F-476E-AF5D-449D8236E042", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.35:*:*:*:*:*:*:*", "matchCriteriaId": "7FD0D1C2-A067-4F86-9179-ED1C263BE5B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:2.351:*:*:*:*:*:*:*", "matchCriteriaId": "6FBA085C-8A89-4625-9811-AF1B615F5939", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en MailEnable Professional versiones anteriores a 2.37 permite a atacantes remotos modificar configuraciones de su elecci\u00f3n y realizar acciones no autorizadas como usuarios de su elecci\u00f3n mediante una etiqueta link \u00f3 IMG.\r\n"}], "id": "CVE-2007-0652", "lastModified": "2018-10-16T16:33:43.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-02-15T23:28:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/33191"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/23998"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2007-38/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securityreason.com/securityalert/2258"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/460063/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/22554"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2007/0595"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}