PT-2007-3909 · Nokia · Nokia Intellisync Mobile Suite
Published: 2007-05-11 · Updated: 2018-10-16
CVE-2007-2590
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Nokia Intellisync Mobile Suite versions 6.4.31.2, 6.6.0.107, 6.6.2.2
Description
The issue allows remote attackers to obtain user names and other sensitive information. This is achieved by making a direct request to specific API endpoints, such as "usrmgr/userList.asp" or "usrmgr/userStatusList.asp".
Recommendations
For Nokia Intellisync Mobile Suite version 6.4.31.2, restrict access to the "usrmgr/userList.asp" and "usrmgr/userStatusList.asp" endpoints to minimize the risk of exploitation.
For Nokia Intellisync Mobile Suite version 6.6.0.107, consider disabling direct requests to the "usrmgr/userList.asp" and "usrmgr/userStatusList.asp" endpoints until a fix is available.
For Nokia Intellisync Mobile Suite version 6.6.2.2, avoid using the sensitive information retrieval functionality in the "usrmgr/userList.asp" and "usrmgr/userStatusList.asp" endpoints until the issue is resolved.
Information Disclosure
Affected Products
Nokia Intellisync Mobile Suite