Vulnerability Description
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duware | Duclassmate | 1.0 |
References
- http://www.osvdb.org/10663
- http://www.securityfocus.com/bid/11363 (Exploit)
- http://www.securitytracker.com/alerts/2004/Oct/1011597.html (Exploit, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17682
FAQ
What is CVE-2004-2198?
CVE-2004-2198 is a vulnerability with a CVSS score of 6.4 (MEDIUM). account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
How severe is CVE-2004-2198?
CVE-2004-2198 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2198?
Check the references section above for vendor advisories and patch information. Affected products include: Duware Duclassmate.