Back to search
CVE-2011-5078
Published: Feb 8, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
The web administration interface in the server in Sybase M-Business Anywhere 6.7 before ESD# 3 and 7.0 before ESD# 7 does not require admin authentication for unspecified scripts, which allows remote authenticated users to list or delete user accounts, modify passwords, or read log files via HTTP requests, aka Bug IDs 678497 and 678499.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.sybase.com/detail?id=1095200
x_refsource_CONFIRM
20111014 Sybase M-Business Anywhere Insecure Permissions Vulnerability
third-party-advisory
x_refsource_IDEFENSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now