BID:24110

KnowledgeTree Open Source Unspecified Security Bypass Vulnerability

Info

KnowledgeTree Open Source Unspecified Security Bypass Vulnerability

Bugtraq ID:	24110
Class:	Unknown
CVE:	CVE-2007-2849
Remote:	Yes
Local:	No
Published:	May 23 2007 12:00AM
Updated:	May 07 2015 05:38PM
Credit:	The vendor reported this issue.
Vulnerable:	knowledgeTree Open Source 3.3.3

Not Vulnerable:	knowledgeTree Open Source 3.3.7

Discussion

KnowledgeTree Open Source Unspecified Security Bypass Vulnerability

KnowledgeTree Open Source is prone to a security-bypass vulnerability.

A remote attacker may logon to the KnowledgeTree DMS Administration panel from Active Directory without a password. Attackers can exploit this issue to compromise the application; other attacks are also possible.

Versions of KnowledgeTree Open Source prior to 3.3.7 are vulnerable to this issue.

Exploit / POC

KnowledgeTree Open Source Unspecified Security Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

KnowledgeTree Open Source Unspecified Security Bypass Vulnerability

Solution:
The vendor has released updates to address this issue. Please see the references for more information.

References

KnowledgeTree Open Source Unspecified Security Bypass Vulnerability

References:

Changelog KnowledgeTree 3.3.7 (KnowledgeTree)
Vendor Homepage (KnowledgeTree)