CVE-2007-1723 - OpenCVE

Vendors	Products
Ciphertrust	Ironmail

Link	Resource
http://osvdb.org/34526
http://osvdb.org/34527
http://osvdb.org/34528
http://osvdb.org/34529
http://osvdb.org/34530
http://osvdb.org/34531
http://osvdb.org/34532
http://osvdb.org/34533
http://secunia.com/advisories/24657	Vendor Advisory
http://securityreason.com/securityalert/2484
http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html
http://www.securityfocus.com/archive/1/463827/100/0/threaded
http://www.securitytracker.com/id?1017821
http://www.vupen.com/english/advisories/2007/1164	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33232

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "34528", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34528"}, {"name": "34531", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34531"}, {"name": "1017821", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017821"}, {"name": "2484", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2484"}, {"name": "34529", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34529"}, {"name": "ADV-2007-1164", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1164"}, {"name": "ironmail-multiple-xss(33232)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33232"}, {"name": "20070326 Multiple XSS in IronMail", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/463827/100/0/threaded"}, {"name": "34530", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34530"}, {"name": "34533", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34533"}, {"tags": ["x_refsource_MISC"], "url": "http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html"}, {"name": "24657", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24657"}, {"name": "34527", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34527"}, {"name": "34532", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34532"}, {"name": "34526", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34526"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1723", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "34528", "refsource": "OSVDB", "url": "http://osvdb.org/34528"}, {"name": "34531", "refsource": "OSVDB", "url": "http://osvdb.org/34531"}, {"name": "1017821", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017821"}, {"name": "2484", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2484"}, {"name": "34529", "refsource": "OSVDB", "url": "http://osvdb.org/34529"}, {"name": "ADV-2007-1164", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1164"}, {"name": "ironmail-multiple-xss(33232)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33232"}, {"name": "20070326 Multiple XSS in IronMail", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463827/100/0/threaded"}, {"name": "34530", "refsource": "OSVDB", "url": "http://osvdb.org/34530"}, {"name": "34533", "refsource": "OSVDB", "url": "http://osvdb.org/34533"}, {"name": "http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html", "refsource": "MISC", "url": "http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html"}, {"name": "24657", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24657"}, {"name": "34527", "refsource": "OSVDB", "url": "http://osvdb.org/34527"}, {"name": "34532", "refsource": "OSVDB", "url": "http://osvdb.org/34532"}, {"name": "34526", "refsource": "OSVDB", "url": "http://osvdb.org/34526"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1723", "datePublished": "2007-03-28T00:00:00", "dateReserved": "2007-03-27T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ciphertrust:ironmail:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5FD6CEB-660D-42C2-AA16-C2631EEBFCC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en la consola Administraci\u00f3n en Secure Computing CipherTrust IronMail versi\u00f3n 6.1.1 permiten a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de (1) red, (2) defRouterIp, (3) hostName, (4) domainName, ( 5) ipAddress, (6) defaultRouter, (7) dns1 o (8) par\u00e1metro dns2 a (a) el archivo admin/system_IronMail.do; el (9) par\u00e1metro ipAddress a (b) admin/systemOutOfBand.do; (10) contrase\u00f1a o (11) par\u00e1metro confirmPassword a (c) admin/systemBackup.do; el (12) par\u00e1metro Klicense a (d) admin/systemLicenseManager.do; el par\u00e1metro (13) rows[1].attrValueStr o (14) rows[2].attrValueStr en (e) admin/systemWebAdminConfig.do; el (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, o (17) rows[2].attrValueStrClone par\u00e1metro a (f) admin/ldap_ConfigureServiceProperties.do; el (18) par\u00e1metro input1 a (g) admin/mailFirewall_MailRoutingInternal.do; o los par\u00e1metros (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr o (22) rows[6].attrValueStr en (h) admin/mailIdsConfig.do."}], "id": "CVE-2007-1723", "lastModified": "2018-10-16T16:40:37.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-28T00:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34526"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34527"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34528"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34529"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34530"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34531"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34532"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34533"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24657"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2484"}, {"source": "cve@mitre.org", "url": "http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/463827/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017821"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1164"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33232"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

JSON object

JSON object

JSON object