Vulnerabilities > CVE-2001-1211 - Privilege Escalation vulnerability in Ipswitch IMail Domain Administration

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ipswitch

NVD

Published: 2001-12-31

Updated: 2008-09-05

Summary

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.

Vulnerable Configurations

Part	Description	Count
Application	Ipswitch Ipswitch Imail 6.1 Ipswitch Imail 6.2 Ipswitch Imail 6.3 Ipswitch Imail 6.4 Ipswitch Imail 7.0.1 Ipswitch Imail 7.0.2 Ipswitch Imail 7.0.3 Ipswitch Imail 7.0.4	8

References

http://support.ipswitch.com/kb/IM-20011219-DM01.htm
http://support.ipswitch.com/kb/IM-20020301-DM02.htm
http://www.iss.net/security_center/static/7752.php
http://www.securityfocus.com/archive/1/247786
http://www.securityfocus.com/bid/3766