CVE-2004-2563

Name of the Vulnerable Software and Affected Versions Serena TeamTrack version 6.1.1

Description The issue allows remote attackers to obtain sensitive information, such as user names, versions, and database information. It also enables cross-site scripting (XSS) attacks. This can be achieved via a direct request to the tmtrack.dll endpoint with modified LoginPage and Template parameters.

Recommendations For Serena TeamTrack version 6.1.1, consider restricting access to the tmtrack.dll endpoint until a patch is available. As a temporary workaround, avoid using the modified LoginPage and Template parameters in requests to tmtrack.dll to minimize the risk of exploitation.