PT-2012-2056 · Sybase · Sybase M-Business Anywhere

Published

2012-02-08

Updated

2012-02-09

CVE-2011-5078

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Sybase M-Business Anywhere versions 6.7 through 6.7 before ESD# 3 Sybase M-Business Anywhere versions 7.0 through 7.0 before ESD# 7

Description The web administration interface in the server does not require admin authentication for certain scripts, allowing remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests.

Recommendations For Sybase M-Business Anywhere version 6.7, update to ESD# 3 or later. For Sybase M-Business Anywhere version 7.0, update to ESD# 7 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-5078

Affected Products

Sybase M-Business Anywhere

PT-2012-2056 · Sybase · Sybase M-Business Anywhere

CVE-2011-5078

Weakness Enumeration

Related Identifiers

Affected Products

References · 3