CVE-2006-6964

MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securitytracker.com/id?1016337	Vendor Advisory
http://www.mailenable.com/Professional1-ReleaseNotes.txt	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27185
http://securitytracker.com/id?1016337	Vendor Advisory
http://www.mailenable.com/Professional1-ReleaseNotes.txt	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27185

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mailenable:mailenable_professional:1.7:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.71:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.72:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.73:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.74:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.75:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.76:::::::*
	cpe:2.3:a:mailenable:mailenable_professional:1.77:::::::*

History

21 Nov 2024, 00:24

Type	Values Removed	Values Added
References	~~() http://securitytracker.com/id?1016337 - Vendor Advisory~~	() http://securitytracker.com/id?1016337 - Vendor Advisory
References	~~() http://www.mailenable.com/Professional1-ReleaseNotes.txt - Vendor Advisory~~	() http://www.mailenable.com/Professional1-ReleaseNotes.txt - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27185 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27185 -

Information

Published : 2007-01-29 16:28

Updated : 2025-04-09 00:30

NVD link : CVE-2006-6964

Mitre link : CVE-2006-6964

CVE.ORG link : CVE-2006-6964

JSON object : View

Products Affected

mailenable

mailenable_professional

CWE

NVD-CWE-Other

{"id": "CVE-2006-6964", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-29T16:28:00.000", "references": [{"url": "http://securitytracker.com/id?1016337", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mailenable.com/Professional1-ReleaseNotes.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27185", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1016337", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mailenable.com/Professional1-ReleaseNotes.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27185", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source."}, {"lang": "es", "value": "MailEnable Professional anterior a 1.78 proporciona una contrase\u00f1a de usuario en texto claro cuando un administrador edita la configuraci\u00f3n del usuario, lo cual permite a administradores autenticados remotamente obtener informaci\u00f3n sensible viendo el c\u00f3digo fuente HTML."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6DCAFE-CAC2-4B36-B3E1-FA2B490424EE"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.71:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93A9222A-6F22-40BD-8411-69A90E8E46AA"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F4AADE9-F3FB-4272-8026-58FC677D3F3F"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.73:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DD53801-B8F7-4AE8-BA2B-AC6297340CB5"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9100CDEC-AD30-4CE0-9772-BF0524EDBB01"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C88089AF-34E8-40DA-9F1A-48F50C6B8A6C"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7FA2C5E-A638-485B-969E-445C7B88D1CD"}, {"criteria": "cpe:2.3:a:mailenable:mailenable_professional:1.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D3BFCC-4CF3-4FEB-844B-B6D092FCFD4E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}