PT-2007-3089 · Secure Computing · CipherTrust IronMail

Javier Olascoaga · Published 2007-03-28 · Updated 2018-10-16 · CVE-2007-1723

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Secure Computing CipherTrust IronMail version 6.1.1
Description: The administration console in Secure Computing CipherTrust IronMail contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script or HTML through the following endpoints and parameters:
    admin/systemIronMail.do: network, defRouterIp, hostName, domainName, ipAddress, defaultRouter, dns1, dns2
    admin/systemOutOfBand.do: ipAddress
    admin/systemBackup.do: password, confirmPassword
    admin/systemLicenseManager.do: Klicense
    admin/systemWebAdminConfig.do: rows[1].attrValueStr, rows[2].attrValueStr
    admin/ldapConfigureServiceProperties.do: rows[0].attrValueStr, rows[1].attrValueStr, rows[2].attrValue, rows[2].attrValueStrClone
    admin/mailFirewallMailRoutingInternal.do: input1
    admin/mailIdsConfig.do: rows[2].attrValueStr, rows[3].attrValueStr, rows[5].attrValueStr, rows[6].attrValueStr
Recommendations: As a temporary workaround, consider disabling access to the administration console until a patch is available. Restrict input for the parameters network, defRouterIp, hostName, domainName, ipAddress, defaultRouter, dns1, dns2, password, confirmPassword, Klicense, rows[0].attrValueStr, rows[1].attrValueStr, rows[2].attrValue, rows[2].attrValueStr, rows[2].attrValueStrClone, rows[3].attrValueStr, rows[5].attrValueStr, rows[6].attrValueStr, and input1 to minimize the risk of exploitation. Avoid using the vulnerable API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
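The recommendation above asks for restricted input on the affected parameters. The following is an added example, not code from the advisory or from Secure Computing, showing the two server-side layers a fix for this class of bug usually combines: allow-list validation for the structured fields (IPv4 addresses, hostnames and domain names) so that script payloads never enter the application, and HTML output encoding for any value the console echoes back into a page. The parameter names come from the advisory; the helper names, the validator-to-parameter mapping and the sample request are constructed for this example.

```python
"""
Added example (not from the advisory or the vendor): validate admin-console
parameters against an allow-list and HTML-encode anything reflected back.
"""
import html
import ipaddress
import re

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen
HOSTNAME_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_ipv4(value):
    """Accept only a syntactically valid dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:  # AddressValueError is a ValueError subclass
        return False


def is_valid_hostname(value):
    """Accept RFC 1123-style hostnames / domain names, nothing else."""
    if not value or len(value) > 253:
        return False
    labels = value.rstrip(".").split(".")
    return all(HOSTNAME_LABEL.match(label) for label in labels)


# Which validator applies to which parameter. The parameter names are the
# ones listed in the advisory; the mapping itself is an assumption made here.
VALIDATORS = {
    "ipAddress": is_valid_ipv4,
    "defRouterIp": is_valid_ipv4,
    "defaultRouter": is_valid_ipv4,
    "dns1": is_valid_ipv4,
    "dns2": is_valid_ipv4,
    "hostName": is_valid_hostname,
    "domainName": is_valid_hostname,
}


def validate_params(params):
    """Split a request's parameters into accepted and rejected values.

    Unknown parameters are rejected outright (allow-list, not block-list),
    so a new or unexpected field cannot bypass the checks.
    """
    accepted, rejected = {}, {}
    for name, value in params.items():
        check = VALIDATORS.get(name)
        if check is None:
            rejected[name] = "unknown parameter"
        elif check(value):
            accepted[name] = value
        else:
            rejected[name] = "failed validation"
    return accepted, rejected


def render_error(name, value):
    """Reflect a rejected parameter into HTML with contextual output encoding.

    Even a value that failed validation is escaped before it reaches the
    page, so the error message itself cannot become an XSS vector.
    """
    return "<p>Invalid value for <b>%s</b>: %s</p>" % (
        html.escape(name, quote=True),
        html.escape(value, quote=True),
    )


# Constructed sample request: one benign field, one valid resolver, one
# value carrying a script tag in an address field.
SAMPLE_REQUEST = {
    "hostName": "ironmail.example.com",
    "dns1": "192.0.2.53",
    "dns2": "192.0.2.54<script>alert(1)</script>",
}

if __name__ == "__main__":
    ok, bad = validate_params(SAMPLE_REQUEST)
    print("accepted:", ok)
    for name, reason in bad.items():
        print(reason, "->", render_error(name, SAMPLE_REQUEST[name]))
```

Validation covers the address and name fields; free-form values such as password or Klicense cannot be constrained to a character set the same way, which is why the output-encoding layer in `render_error` has to be applied unconditionally to every reflected value rather than only to the ones that fail validation.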

XSS
Weakness Enumeration

Related Identifiers: CVE-2007-1723

Affected Products: CipherTrust IronMail