CVE-2011-5078

Name of the Vulnerable Software and Affected Versions Sybase M-Business Anywhere versions 6.7 through 6.7 before ESD# 3 Sybase M-Business Anywhere versions 7.0 through 7.0 before ESD# 7

Description The web administration interface in the server does not require admin authentication for certain scripts, allowing remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests.

Recommendations For Sybase M-Business Anywhere version 6.7, update to ESD# 3 or later. For Sybase M-Business Anywhere version 7.0, update to ESD# 7 or later.