製品・ソフトウェアに関する情報

JVN脆弱性詳細

Nokia Intellisync Mobile Suite などにおけるクロスサイトスクリプティングの脆弱性

Title	Nokia Intellisync Mobile Suite などにおけるクロスサイトスクリプティングの脆弱性
Summary	Nokia Intellisync Mobile Suite、Novell Groupwise Mobile Server および Nokia Intellisync Wireless Email Express には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、以下を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 (1) de/pda/dev_logon.asp への username パラメータ (2) usrmgr/registerAccount.asp、de/create_account.aspなど、不特定のファイル内の経路 .
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 11, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

Affected System

ノキア

groupwise mobile server

intellisync mobile suite 6.4.31.2、6.6.0.107、および 6.6.2.2

intellisync wireless email express

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2592	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2592
National Vulnerability Database (NVD)
2	CVE-2007-2592	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2592

ベンダー情報

No	Name	URL
Nokia
1	Top page	http://www.nokia.com/global/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2592

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
Publication Date	May 11, 2007, 1:20 p.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	Oct. 17, 2018, 1:44 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:nokia:groupwise_mobile_server::::::::
cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:::::::*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:::::::*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:::::::*
cpe:2.3:a:nokia:intellisync_wireless_email_express::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/34515	OSVDB
2	http://osvdb.org/34516	OSVDB
3	http://osvdb.org/34517	OSVDB
4	http://secunia.com/advisories/25212	SECUNIA	Patch Vendor Advisory
5	http://secunia.com/advisories/26199	SECUNIA
6	http://securityreason.com/securityalert/2689	SREASON
7	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html	CONFIRM
8	http://www.sec-consult.com/289.html	MISC	Exploit Vendor Advisory
9	http://www.securityfocus.com/archive/1/468048/100/0/threaded	BUGTRAQ
10	http://www.securityfocus.com/bid/23889	BID
11	http://www.securitytracker.com/id?1018454	SECTRACK
12	http://www.vupen.com/english/advisories/2007/1727	VUPEN
13	http://www.vupen.com/english/advisories/2007/2657	VUPEN
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/34187	XF

Common Vulnerabilities List