Vulnerabilities > CVE-2004-1610 - Remote Security vulnerability in SalesLogix

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

best-software

saleslogix-corporation

NVD

Published: 2004-10-18

Updated: 2016-10-18

Summary

SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.

Vulnerable Configurations

Part	Description	Count
Application	Best_Software Best Software Saleslogix *	1
Application	Saleslogix_Corporation Saleslogix Corporation Saleslogix 2000.0	1

References

http://marc.info/?l=bugtraq&m=109811852218478&w=2