CVE-2007-2592 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nokia	Intellisync Mobile Suite Groupwise Mobile Server Intellisync Wireless Email Express

Configuration 1 [-]

OR	cpe:2.3:a:nokia:groupwise_mobile_server::::::::
	cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:::::::*
	cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:::::::*
	cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:::::::*
	cpe:2.3:a:nokia:intellisync_wireless_email_express::::::::

References

Link	Resource
http://osvdb.org/34515
http://osvdb.org/34516
http://osvdb.org/34517
http://secunia.com/advisories/25212	Patch Vendor Advisory
http://secunia.com/advisories/26199
http://securityreason.com/securityalert/2689
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html
http://www.sec-consult.com/289.html	Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.securityfocus.com/bid/23889
http://www.securitytracker.com/id?1018454
http://www.vupen.com/english/advisories/2007/1727
http://www.vupen.com/english/advisories/2007/2657
https://exchange.xforce.ibmcloud.com/vulnerabilities/34187

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-11T03:55:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-05-10T00:00:00

Link: CVE-2007-2592

JSON object: View

NVD Information

Status : Modified

Published: 2007-05-11T04:20:00.000

Modified: 2018-10-16T16:44:41.103

Link: CVE-2007-2592

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.sec-consult.com/289.html"}, {"name": "34517", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34517"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"name": "ADV-2007-1727", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"name": "26199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26199"}, {"name": "34516", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34516"}, {"name": "34515", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34515"}, {"name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"name": "1018454", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018454"}, {"name": "25212", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25212"}, {"name": "2689", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2689"}, {"name": "ADV-2007-2657", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"name": "23889", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23889"}, {"name": "nokia-multiple-scripts-xss(34187)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.sec-consult.com/289.html", "refsource": "MISC", "url": "http://www.sec-consult.com/289.html"}, {"name": "34517", "refsource": "OSVDB", "url": "http://osvdb.org/34517"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"name": "ADV-2007-1727", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"name": "26199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26199"}, {"name": "34516", "refsource": "OSVDB", "url": "http://osvdb.org/34516"}, {"name": "34515", "refsource": "OSVDB", "url": "http://osvdb.org/34515"}, {"name": "20070509 SEC Consult SA-20070509-0 :: Multiple vulnerabilites in Nokia Intellisync Mobile Suite & Wireless Email Express", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"name": "1018454", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018454"}, {"name": "25212", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25212"}, {"name": "2689", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2689"}, {"name": "ADV-2007-2657", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"name": "23889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23889"}, {"name": "nokia-multiple-scripts-xss(34187)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2592", "datePublished": "2007-05-11T03:55:00", "dateReserved": "2007-05-10T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nokia:groupwise_mobile_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "49230DA2-0B09-42BF-811B-1CCF56181FBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "A3E0EF3B-D4F6-4300-949B-F80285C43CAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:*:*:*:*:*:*:*", "matchCriteriaId": "DB300678-04E7-4F6B-AE43-8931C2FF5F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F1795FDF-D272-476F-85FA-D57A474CA3F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nokia:intellisync_wireless_email_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "75F41ABD-B71D-48B3-B911-8F0ED1BA8A83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) username en el de/pda/dev_logon.asp y (2) m\u00faltiples vectores sin especificar en el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos."}], "id": "CVE-2007-2592", "lastModified": "2018-10-16T16:44:41.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-05-11T04:20:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34515"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34516"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34517"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25212"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26199"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2689"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.sec-consult.com/289.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468048/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23889"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018454"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1727"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2657"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34187"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}