PT-2007-3909 · Nokia · Nokia Intellisync Mobile Suite
Published: 2007-05-11 · Updated: 2018-10-16 · CVE-2007-2590
CVSS v2.0: 6.4 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Nokia Intellisync Mobile Suite versions 6.4.31.2, 6.6.0.107, 6.6.2.2
Description
The issue allows remote attackers to obtain user names and other sensitive information by making a direct request to specific API endpoints, such as "usrmgr/userList.asp" or "usrmgr/userStatusList.asp".
Recommendations
For Nokia Intellisync Mobile Suite version 6.4.31.2, restrict access to the "usrmgr/userList.asp" and "usrmgr/userStatusList.asp" endpoints to minimize the risk of exploitation.
For Nokia Intellisync Mobile Suite version 6.6.0.107, consider disabling direct requests to the "usrmgr/userList.asp" and "usrmgr/userStatusList.asp" endpoints until a fix is available.
For Nokia Intellisync Mobile Suite version 6.6.2.2, avoid using the sensitive information retrieval functionality in the "usrmgr/userList.asp" and "usrmgr/userStatusList.asp" endpoints until the issue is resolved.
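To check whether the two endpoints have been requested directly, and whether an access restriction is taking effect, the web server's access logs can be searched for them. The script below is an added example, not part of the original advisory or of the product; it assumes W3C extended format logs with a `#Fields:` header, and the sample log lines and IP addresses are constructed.

```python
"""Flag direct requests to the usrmgr pages named in the advisory."""
from collections import defaultdict
from urllib.parse import unquote

# Paths from the advisory, compared in lowercase
# (assumption: the server treats paths case-insensitively).
SENSITIVE = ("/usrmgr/userlist.asp", "/usrmgr/userstatuslist.asp")

# Constructed sample in W3C extended log format (assumed log layout).
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-05-12 10:01:02 192.0.2.10 GET /index.asp - 200
2007-05-12 10:01:07 198.51.100.7 GET /usrmgr/userList.asp - 200
2007-05-12 10:01:09 198.51.100.7 GET /usrmgr/UserStatusList.asp - 200
2007-05-12 10:02:30 203.0.113.5 GET /usrmgr/userList.asp - 403
2007-05-12 10:03:00 192.0.2.10 POST /login.asp - 302
"""

def normalize(uri_stem):
    """Percent-decode, unify slashes and lowercase the logged path."""
    return unquote(uri_stem).replace("\\", "/").lower()

def find_hits(log_text):
    """Return one dict per request whose path ends in a sensitive page."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header may change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if normalize(row.get("cs-uri-stem", "")).endswith(SENSITIVE):
            # A 2xx status means the page was served; 401/403 means it was blocked.
            row["served"] = row.get("sc-status", "").startswith("2")
            hits.append(row)
    return hits

def by_client(hits):
    """Group hits per client IP: {ip: [(path, status), ...]}."""
    out = defaultdict(list)
    for h in hits:
        out[h["c-ip"]].append((h["cs-uri-stem"], h["sc-status"]))
    return dict(out)

if __name__ == "__main__":
    for ip, reqs in by_client(find_hits(SAMPLE_LOG)).items():
        print(ip, reqs)
```

After access to the endpoints has been restricted, any remaining entries with `served` set to true indicate that the restriction is not covering every route to these pages.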
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Nokia Intellisync Mobile Suite