Sign-up

ID

VAR-199901-0009


CVE

CVE-1999-1170


TITLE

Progress Software IPswitch IMail Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

DESCRIPTION

IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. Progress Software IPswitch IMail is an email server of Progress Software Company in the United States. A security vulnerability exists in Progress Software IPswitch IMail

Trust: 1.26

sources: NVD: CVE-1999-1170 // BID: 218 // VULHUB: VHN-1151

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 1.9

vendor:progressmodel:ws ftp serverscope:eqversion:1.0.1.e

Trust: 1.0

vendor:progressmodel:ws ftp serverscope:eqversion:1.0.2.e

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.2.e

Trust: 0.6

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.1.e

Trust: 0.6

vendor:ipswitchmodel:ws ftp server evalscope:eqversion:1.0.2

Trust: 0.3

vendor:ipswitchmodel:ws ftp server evalscope:eqversion:1.0.1

Trust: 0.3

sources: BID: 218 // CNNVD: CNNVD-199901-025 // NVD: CVE-1999-1170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1170
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199901-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1151
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1170
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1151
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1151 // CNNVD: CNNVD-199901-025 // NVD: CVE-1999-1170

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1170

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-1151

PATCH
title:Progress Software IPswitch IMail Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106535
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-199901-025

EXTERNAL IDS
db:NVDid:CVE-1999-1170
Trust: 2.0
db:BIDid:218
Trust: 2.0
db:CNNVDid:CNNVD-199901-025
Trust: 0.7
db:EXPLOIT-DBid:19167
Trust: 0.1
db:VULHUBid:VHN-1151
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1151 // 
            
            
            
            BID: 218 // 
            
            
            
            CNNVD: CNNVD-199901-025 // 
            
            
            
            NVD: CVE-1999-1170

REFERENCES
url:http://www.securityfocus.com/bid/218
Trust: 1.7
url:http://marc.info/?l=ntbugtraq&m=91816507920544&w=2
Trust: 1.6
url:http://marc.info/?l=ntbugtraq&m=91816507920544&w=2
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1151 // 
            
            
            
            CNNVD: CNNVD-199901-025 // 
            
            
            
            NVD: CVE-1999-1170

CREDITS
Marc
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-199901-025

SOURCES
db:VULHUBid:VHN-1151
db:BIDid:218
db:CNNVDid:CNNVD-199901-025
db:NVDid:CVE-1999-1170

LAST UPDATE DATE
2024-08-14T14:48:22.726000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-1151date:2019-08-13T00:00:00
db:BIDid:218date:2009-07-11T00:16:00
db:CNNVDid:CNNVD-199901-025date:2020-01-08T00:00:00
db:NVDid:CVE-1999-1170date:2023-10-11T14:45:44.747

SOURCES RELEASE DATE
db:VULHUBid:VHN-1151date:1999-01-02T00:00:00
db:BIDid:218date:1999-02-04T00:00:00
db:CNNVDid:CNNVD-199901-025date:1999-01-02T00:00:00
db:NVDid:CVE-1999-1170date:1999-01-02T05:00:00