Sonexis ConferenceManager Multiple Information Disclosure and Security Bypass Vulnerabilities

Bugtraq ID:	51994
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 14 2012 12:00AM
Updated:	Feb 14 2012 12:00AM
Credit:	Titon
Vulnerable:	Sonexis Technology Sonexis ConferenceManager 10.0.40 Sonexis Technology Sonexis ConferenceManager 9.3.14 Sonexis Technology Sonexis ConferenceManager 9.2.11 Sonexis Technology Sonexis ConferenceManager 9.1.18 Sonexis Technology Sonexis ConferenceManager 8.0.15 Sonexis Technology Sonexis ConferenceManager 6.1.39
Not Vulnerable:

Sonexis ConferenceManager Multiple Information Disclosure and Security Bypass Vulnerabilities

Sonexis ConferenceManager is prone to remote information-disclosure and security-bypass vulnerabilities.

An attacker may exploit these issues to obtain sensitive information and bypass certain security restrictions.

Sonexis ConferenceManager versions 10.0.40 and prior are vulnerable.

Sonexis ConferenceManager Multiple Information Disclosure and Security Bypass Vulnerabilities

Attackers can exploit these issues using browser or readily available tools.

Sonexis ConferenceManager Multiple Information Disclosure and Security Bypass Vulnerabilities

Solution:
Reportedly, the issue is fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.

Sonexis ConferenceManager Multiple Information Disclosure and Security Bypass Vulnerabilities

References:

• Hacking the Sonexis ConferenceManager (Netragard)
  
• Sonexis ConferenceManager Homepage (Sonexis Technology)