{"api_version":"1","generated_at":"2026-05-15T16:43:04+00:00","cve":"CVE-2006-1997","urls":{"html":"https://cve.report/CVE-2006-1997","api":"https://cve.report/api/cve/CVE-2006-1997.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-1997","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-1997"},"summary":{"title":"CVE-2006-1997","description":"Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-04-25 12:50:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-noinfo","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"2.1","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/17677","name":"http://www.securityfocus.com/bid/17677","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sybase Pylon Anywhere Unauthorized Access Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/1477","name":"http://www.vupen.com/english/advisories/2006/1477","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25989","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25989","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.sybase.com/detail?id=1040213","name":"http://www.sybase.com/detail?id=1040213","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Possible security vulnerability Pylon Anywhere - Sybase Inc","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"http://secunia.com/advisories/19784","name":"http://secunia.com/advisories/19784","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Pylon Anywhere Access Restriction Bypass Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-1997","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-1997","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"1997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"pylon_anywhere","cpe6":"5.5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"pylon_anywhere","cpe6":"6.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"pylon_anywhere","cpe6":"6.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"pylon_anywhere","cpe6":"6.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"pylon_anywhere","cpe6":"6.4.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1997","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sybase","cpe5":"pylon_anywhere","cpe6":"6.4.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"1997","cve":"CVE-2006-1997","epss":"0.000780000","percentile":"0.230260000","score_date":"2026-04-20","updated_at":"2026-04-21 00:07:48"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T17:35:30.751Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2006-1477","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/1477"},{"name":"17677","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17677"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.sybase.com/detail?id=1040213"},{"name":"19784","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19784"},{"name":"pylon-groupware-unauth-access(25989)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25989"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-04-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-19T15:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ADV-2006-1477","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/1477"},{"name":"17677","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17677"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.sybase.com/detail?id=1040213"},{"name":"19784","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19784"},{"name":"pylon-groupware-unauth-access(25989)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25989"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-1997","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2006-1477","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1477"},{"name":"17677","refsource":"BID","url":"http://www.securityfocus.com/bid/17677"},{"name":"http://www.sybase.com/detail?id=1040213","refsource":"CONFIRM","url":"http://www.sybase.com/detail?id=1040213"},{"name":"19784","refsource":"SECUNIA","url":"http://secunia.com/advisories/19784"},{"name":"pylon-groupware-unauth-access(25989)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25989"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-1997","datePublished":"2006-04-25T10:00:00.000Z","dateReserved":"2006-04-25T00:00:00.000Z","dateUpdated":"2024-08-07T17:35:30.751Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-04-25 12:50:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:pylon_anywhere:5.5.4:*:*:*:*:*:*:*","matchCriteriaId":"D1FB7614-BC41-49B0-8A1F-9C5417260053"},{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:pylon_anywhere:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"792F0A15-CCAD-42D7-9250-88868E8B5EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:pylon_anywhere:6.3.2:*:*:*:*:*:*:*","matchCriteriaId":"5135DC58-E927-4367-A87E-F531A85FB96A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:pylon_anywhere:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"B738990A-1A1D-4FE2-AB55-69DC6A4B1941"},{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:pylon_anywhere:6.4.8:*:*:*:*:*:*:*","matchCriteriaId":"59E01B9C-FF71-4828-A2BE-093A7656FEEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:pylon_anywhere:6.4.9:*:*:*:*:*:*:*","matchCriteriaId":"8A932944-2391-4633-BA59-59A60FC99C32"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"1997","Ordinal":"1","Title":"CVE-2006-1997","CVE":"CVE-2006-1997","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"1997","Ordinal":"1","NoteData":"Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.","Type":"Description","Title":"CVE-2006-1997"},{"CveYear":"2006","CveId":"1997","Ordinal":"2","NoteData":"2006-04-25","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"1997","Ordinal":"3","NoteData":"2017-07-19","Type":"Other","Title":"Modified"}]}}}