Vulnerability Description
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | Imail | 6.1 |
References
- http://support.ipswitch.com/kb/IM-20011219-DM01.htm
- http://support.ipswitch.com/kb/IM-20020301-DM02.htm
- http://www.iss.net/security_center/static/7752.phpVendor Advisory
- http://www.securityfocus.com/archive/1/247786Vendor Advisory
- http://www.securityfocus.com/bid/3766Vendor Advisory
- http://support.ipswitch.com/kb/IM-20011219-DM01.htm
- http://support.ipswitch.com/kb/IM-20020301-DM02.htm
- http://www.iss.net/security_center/static/7752.phpVendor Advisory
- http://www.securityfocus.com/archive/1/247786Vendor Advisory
- http://www.securityfocus.com/bid/3766Vendor Advisory
FAQ
What is CVE-2001-1211?
CVE-2001-1211 is a vulnerability with a CVSS score of 7.5 (HIGH). Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) alias...
How severe is CVE-2001-1211?
CVE-2001-1211 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1211?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch Imail.