EASY ENTERPRISE Multiple Vulnerabilities
BID:38966
Info
EASY ENTERPRISE Multiple Vulnerabilities
| Bugtraq ID: | 38966 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2010 12:00AM |
| Updated: | Mar 25 2010 12:00AM |
| Credit: | Michael Mueller from Integralis |
| Vulnerable: |
EASY SOFTWARE EASY ENTERPRISE 6.0f 1752 |
| Not Vulnerable: |
EASY SOFTWARE EASY ENTERPRISE 6.0f 1754 |
Discussion
EASY ENTERPRISE Multiple Vulnerabilities
EASY ENTERPRISE is prone to multiple vulnerabilities, including multiple cross-site scripting issues, an HTML-injection issue, multiple information disclosure issues, and an unauthorized access issue.
Attackers can exploit these issues to steal cookie-based authentication credentials, gain administrative access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain sensitive information, and perform restricted actions.
Versions prior to EASY ENTERPRISE 1754 are vulnerable.
EASY ENTERPRISE is prone to multiple vulnerabilities, including multiple cross-site scripting issues, an HTML-injection issue, multiple information disclosure issues, and an unauthorized access issue.
Attackers can exploit these issues to steal cookie-based authentication credentials, gain administrative access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, obtain sensitive information, and perform restricted actions.
Versions prior to EASY ENTERPRISE 1754 are vulnerable.
Exploit / POC
EASY ENTERPRISE Multiple Vulnerabilities
Attackers can use a browser to exploit these issues. In order to exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into following a crafted link.
Attackers can use a browser to exploit these issues. In order to exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into following a crafted link.
Solution / Fix
EASY ENTERPRISE Multiple Vulnerabilities
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.