Vulnerabilities > CVE-2007-2591 - Denial-Of-Service vulnerability in Nokia products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nokia

NVD

Published: 2007-05-11

Updated: 2018-10-16

Summary

usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.

Vulnerable Configurations

Part	Description	Count
Application	Nokia Nokia Groupwise Mobile Server * Nokia Intellisync Mobile Suite 6.4.31.2 Nokia Intellisync Mobile Suite 6.6.0.107 Nokia Intellisync Mobile Suite 6.6.2.2 Nokia Intellisync Wireless Email Express *	5

References

http://osvdb.org/34513
http://secunia.com/advisories/25212
http://securityreason.com/securityalert/2689
http://www.sec-consult.com/289.html
http://www.securityfocus.com/archive/1/468048/100/0/threaded
http://www.vupen.com/english/advisories/2007/1727