CVE-2004-1611 - Remote vulnerability in Best Software SalesLogix
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 1 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html
- http://marc.info/?l=bugtraq&m=109811852218478&w=2
- http://secunia.com/advisories/12883
- http://securitytracker.com/id?1011769
- http://www.osvdb.org/10947
- http://www.osvdb.org/10948
- http://www.securityfocus.com/bid/11450
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17754