ID

VAR-200112-0166


CVE

CVE-2001-1211


TITLE

Ipswitch IMail Domain Management Authority Boost Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-158

DESCRIPTION

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. Ipswitch IMail is an email server that serves clients their mail via a web interface. IMail supports most common email protocols, such as SMTP, POP3, IMAP4, and LDAP. IMail also includes support for multiple domains and web-based administration. It runs on Microsoft Windows platforms. There is a vulnerability with the authentication process for this web administration tool. Any valid administrator account may make changes to any domain on the server. Ipswitch IMail is a popular web-based mail retrieval program used by many ISPs. Attackers can list, view, add, and delete other domains arbitrarily. User aliases and mailing lists for

Trust: 1.26

sources: NVD: CVE-2001-1211 // BID: 3766 // VULHUB: VHN-4016

AFFECTED PRODUCTS

vendor: ipswitch, model: imail, scope: eq, version: 7.0.4

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 7.0.3

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 7.0.2

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 7.0.1

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 6.4

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 6.3

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 6.2

Trust: 1.9

vendor: ipswitch, model: imail, scope: eq, version: 6.1

Trust: 1.9

sources: BID: 3766 // CNNVD: CNNVD-200112-158 // NVD: CVE-2001-1211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1211
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200112-158
value: HIGH

Trust: 0.6

VULHUB: VHN-4016
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1211
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4016
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-4016 // CNNVD: CNNVD-200112-158 // NVD: CVE-2001-1211

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1211

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-158

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200112-158

EXTERNAL IDS

db: BID, id: 3766

Trust: 2.0

db: NVD, id: CVE-2001-1211

Trust: 2.0

db: CNNVD, id: CNNVD-200112-158

Trust: 0.7

db: XF, id: 7752

Trust: 0.6

db: BUGTRAQ, id: 20011231 IMAIL WEB SERVICE USER ALIASES / MAILING LISTS ADMIN VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-4016

Trust: 0.1

sources: VULHUB: VHN-4016 // BID: 3766 // CNNVD: CNNVD-200112-158 // NVD: CVE-2001-1211

REFERENCES

url: http://www.securityfocus.com/bid/3766

Trust: 1.7

url: http://www.securityfocus.com/archive/1/247786

Trust: 1.7

url: http://support.ipswitch.com/kb/im-20011219-dm01.htm

Trust: 1.7

url: http://support.ipswitch.com/kb/im-20020301-dm02.htm

Trust: 1.7

url: http://www.iss.net/security_center/static/7752.php

Trust: 1.7

url: http://www.ipswitch.com/products/imail_server/index.asp

Trust: 0.3

sources: VULHUB: VHN-4016 // BID: 3766 // CNNVD: CNNVD-200112-158 // NVD: CVE-2001-1211

CREDITS

Zeeshan Mustafa <security@zeeshan.net>

Trust: 0.6

sources: CNNVD: CNNVD-200112-158

SOURCES

db: VULHUB, id: VHN-4016
db: BID, id: 3766
db: CNNVD, id: CNNVD-200112-158
db: NVD, id: CVE-2001-1211

LAST UPDATE DATE

2025-04-03T22:40:00.336000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-4016, date: 2008-09-05T00:00:00
db: BID, id: 3766, date: 2009-07-11T09:56:00
db: CNNVD, id: CNNVD-200112-158, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2001-1211, date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-4016, date: 2001-12-31T00:00:00
db: BID, id: 3766, date: 2001-12-31T00:00:00
db: CNNVD, id: CNNVD-200112-158, date: 2001-12-31T00:00:00
db: NVD, id: CVE-2001-1211, date: 2001-12-31T05:00:00