Open Business Management Unspecified Authentication Bypass Vulnerability
BID:23472
Info
Open Business Management Unspecified Authentication Bypass Vulnerability
| Bugtraq ID: | 23472 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2007 12:00AM |
| Updated: | Apr 13 2007 06:11PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
OBM Open Business Management 1.2.4 |
| Not Vulnerable: |
OBM Open Business Management 2.0 |
Discussion
Open Business Management Unspecified Authentication Bypass Vulnerability
Open Business Management is prone to an unspecified authentication-bypass vulnerability because it fails to authenticate users before providing access to sensitive information.
Exploiting this issue could allow an attacker to access administrative modules and gain elevated privileges. A successful exploit could compromise the application.
Open Business Management versions prior to 2.0 are reported vulnerable to this issue.
Open Business Management is prone to an unspecified authentication-bypass vulnerability because it fails to authenticate users before providing access to sensitive information.
Exploiting this issue could allow an attacker to access administrative modules and gain elevated privileges. A successful exploit could compromise the application.
Open Business Management versions prior to 2.0 are reported vulnerable to this issue.
Exploit / POC
Open Business Management Unspecified Authentication Bypass Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Open Business Management Unspecified Authentication Bypass Vulnerability
Solution:
The vendor has released an updated version that addresses this issue. Please see the references for more information.
Solution:
The vendor has released an updated version that addresses this issue. Please see the references for more information.
References
Open Business Management Unspecified Authentication Bypass Vulnerability
References:
References:
- Open Business Management Changelog-2.0 (Open Business Management)
- Open Business Management Homepage (Open Business Management)