ID

VAR-199901-0009


CVE

CVE-1999-1170


TITLE

Progress Software IPswitch IMail Security hole

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

DESCRIPTION

IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. Non-administrative Imail and WS_FTP Server users may elevate their privileges to administrator for these applications by modifying a specific registry value. Once a person has obtained administrative privileges, they may use the application interface (locally) to read email, create accounts, delete accounts, etc. Progress Software IPswitch IMail is an email server of Progress Software Company in the United States. A security vulnerability exists in Progress Software IPswitch IMail

Trust: 1.26

sources: NVD: CVE-1999-1170 // BID: 218 // VULHUB: VHN-1151

AFFECTED PRODUCTS

vendor:ipswitchmodel:imailscope:eqversion:5.0

Trust: 1.9

vendor:progressmodel:ws ftp serverscope:eqversion:1.0.2.e

Trust: 1.0

vendor:progressmodel:ws ftp serverscope:eqversion:1.0.1.e

Trust: 1.0

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.2.e

Trust: 0.6

vendor:ipswitchmodel:ws ftp serverscope:eqversion:1.0.1.e

Trust: 0.6

vendor:ipswitchmodel:ws ftp server evalscope:eqversion:1.0.2

Trust: 0.3

vendor:ipswitchmodel:ws ftp server evalscope:eqversion:1.0.1

Trust: 0.3

sources: BID: 218 // CNNVD: CNNVD-199901-025 // NVD: CVE-1999-1170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1170
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199901-025
value: MEDIUM

Trust: 0.6

VULHUB: VHN-1151
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-1170
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1151
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1151 // CNNVD: CNNVD-199901-025 // NVD: CVE-1999-1170

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1170

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1151

PATCH

title:Progress Software IPswitch IMail Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106535

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

EXTERNAL IDS

db:NVDid:CVE-1999-1170

Trust: 2.0

db:BIDid:218

Trust: 2.0

db:CNNVDid:CNNVD-199901-025

Trust: 0.7

db:EXPLOIT-DBid:19167

Trust: 0.1

db:VULHUBid:VHN-1151

Trust: 0.1

sources: VULHUB: VHN-1151 // BID: 218 // CNNVD: CNNVD-199901-025 // NVD: CVE-1999-1170

REFERENCES

url:http://www.securityfocus.com/bid/218

Trust: 2.7

url:http://marc.info/?l=ntbugtraq&m=91816507920544&w=2

Trust: 2.6

url:http://marc.info/?l=ntbugtraq&m=91816507920544&w=2

Trust: 0.1

sources: VULHUB: VHN-1151 // CNNVD: CNNVD-199901-025 // NVD: CVE-1999-1170

CREDITS

Marc

Trust: 0.6

sources: CNNVD: CNNVD-199901-025

SOURCES

db:VULHUBid:VHN-1151
db:BIDid:218
db:CNNVDid:CNNVD-199901-025
db:NVDid:CVE-1999-1170

LAST UPDATE DATE

2024-11-22T23:11:45.638000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1151date:2019-08-13T00:00:00
db:BIDid:218date:2009-07-11T00:16:00
db:CNNVDid:CNNVD-199901-025date:2020-01-08T00:00:00
db:NVDid:CVE-1999-1170date:2024-11-20T23:30:28.647

SOURCES RELEASE DATE

db:VULHUBid:VHN-1151date:1999-01-02T00:00:00
db:BIDid:218date:1999-02-04T00:00:00
db:CNNVDid:CNNVD-199901-025date:1999-01-02T00:00:00
db:NVDid:CVE-1999-1170date:1999-01-02T05:00:00