Vulnerability Description
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contelligent | C1 Financial Services | 9.1.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/33497
- http://secunia.com/advisories/24364Vendor Advisory
- http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/cha
- http://www.securityfocus.com/bid/22785
- http://www.vupen.com/english/advisories/2007/0814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
- http://osvdb.org/33497
- http://secunia.com/advisories/24364Vendor Advisory
- http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/cha
- http://www.securityfocus.com/bid/22785
- http://www.vupen.com/english/advisories/2007/0814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
FAQ
What is CVE-2007-1249?
CVE-2007-1249 is a vulnerability with a CVSS score of 6.8 (MEDIUM). MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder ...
How severe is CVE-2007-1249?
CVE-2007-1249 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1249?
Check the references section above for vendor advisories and patch information. Affected products include: Contelligent C1 Financial Services.