PT-2004-3454 · Serena · Serena Teamtrack
Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2563
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Serena TeamTrack version 6.1.1
Description
The issue allows remote attackers to obtain sensitive information, such as user names, versions, and database information. It also enables cross-site scripting (XSS) attacks. This can be achieved via a direct request to the tmtrack.dll endpoint with modified LoginPage and Template parameters.
Recommendations
For Serena TeamTrack version 6.1.1, consider restricting access to the tmtrack.dll endpoint until a patch is available. As a temporary workaround, avoid using the modified LoginPage and Template parameters in requests to tmtrack.dll to minimize the risk of exploitation.
Affected Products
Serena Teamtrack