製品・ソフトウェアに関する情報

JVN脆弱性詳細

Nokia Intellisync Mobile Suite などにおけるクロスサイトスクリプティングの脆弱性

Title	Nokia Intellisync Mobile Suite などにおけるクロスサイトスクリプティングの脆弱性
Summary	Nokia Intellisync Mobile Suite、Novell Groupwise Mobile Server および Nokia Intellisync Wireless Email Express には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、以下を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 (1) de/pda/dev_logon.asp への username パラメータ (2) usrmgr/registerAccount.asp、de/create_account.aspなど、不特定のファイル内の経路 .
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 11, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

ノキア

groupwise mobile server

intellisync mobile suite 6.4.31.2、6.6.0.107、および 6.6.2.2

intellisync wireless email express

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2592	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2592
National Vulnerability Database (NVD)
2	CVE-2007-2592	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2592

ベンダー情報

No	Name	URL
Nokia
1	Top page	http://www.nokia.com/global/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2592

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
Summary	Múltiples vulnerabilidades secuencias de comandos en sitios cruzados (XSS) en el Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107 y 6.6.2.2, posiblemente involucrando al Novell Groupwise Mobile Server y al Nokia Intellisync Wireless Email Express, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) username en el de/pda/dev_logon.asp y (2) múltiples vectores sin especificar en el (a) usrmgr/registerAccount.asp, (b) de/create_account.asp y otros archivos.
Publication Date	May 11, 2007, 1:20 p.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:nokia:groupwise_mobile_server::::::::
cpe:2.3:a:nokia:intellisync_mobile_suite:6.4.31.2:::::::*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.0.107:::::::*
cpe:2.3:a:nokia:intellisync_mobile_suite:6.6.2.2:::::::*
cpe:2.3:a:nokia:intellisync_wireless_email_express::::::::

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/34515	cve@mitre.org
2	http://osvdb.org/34516	cve@mitre.org
3	http://osvdb.org/34517	cve@mitre.org
4	http://secunia.com/advisories/25212	cve@mitre.org
5	http://secunia.com/advisories/26199	cve@mitre.org
6	http://securityreason.com/securityalert/2689	cve@mitre.org
7	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html	cve@mitre.org
8	http://www.sec-consult.com/289.html	cve@mitre.org
9	http://www.securityfocus.com/archive/1/468048/100/0/threaded	cve@mitre.org
10	http://www.securityfocus.com/bid/23889	cve@mitre.org
11	http://www.securitytracker.com/id?1018454	cve@mitre.org
12	http://www.vupen.com/english/advisories/2007/1727	cve@mitre.org
13	http://www.vupen.com/english/advisories/2007/2657	cve@mitre.org
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/34187	cve@mitre.org
15	http://osvdb.org/34515	af854a3a-2127-422b-91ae-364da2661108
16	http://osvdb.org/34516	af854a3a-2127-422b-91ae-364da2661108
17	http://osvdb.org/34517	af854a3a-2127-422b-91ae-364da2661108
18	http://secunia.com/advisories/25212	af854a3a-2127-422b-91ae-364da2661108
19	http://secunia.com/advisories/26199	af854a3a-2127-422b-91ae-364da2661108
20	http://securityreason.com/securityalert/2689	af854a3a-2127-422b-91ae-364da2661108
21	http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html	af854a3a-2127-422b-91ae-364da2661108
22	http://www.sec-consult.com/289.html	af854a3a-2127-422b-91ae-364da2661108
23	http://www.securityfocus.com/archive/1/468048/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
24	http://www.securityfocus.com/bid/23889	af854a3a-2127-422b-91ae-364da2661108
25	http://www.securitytracker.com/id?1018454	af854a3a-2127-422b-91ae-364da2661108
26	http://www.vupen.com/english/advisories/2007/1727	af854a3a-2127-422b-91ae-364da2661108
27	http://www.vupen.com/english/advisories/2007/2657	af854a3a-2127-422b-91ae-364da2661108
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/34187	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List