Vulnerabilities > CVE-2004-1611 - Remote vulnerability in Best Software SalesLogix

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
best-software
saleslogix-corporation

Summary

SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.

Vulnerable Configurations

Part Description Count
Application
Best_Software
1
Application
Saleslogix_Corporation
1