1. Home
  2. CVE Database
  3. CVE-2004-1610
HIGH · 7.5

CVE-2004-1610

SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2)...

Vulnerability Description

SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
Best SoftwareSaleslogixAll versions
Saleslogix CorporationSaleslogix2000.0

References

FAQ

What is CVE-2004-1610?

CVE-2004-1610 is a vulnerability with a CVSS score of 7.5 (HIGH). SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2)...

How severe is CVE-2004-1610?

CVE-2004-1610 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-1610?

Check the references section above for vendor advisories and patch information. Affected products include: Best Software Saleslogix, Saleslogix Corporation Saleslogix.