CVE-2007-1249
C1 Financial Services Contelligent 9.1.4 - Privilege Escalation
Title source: llmDescription
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22785
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0814
Various Sources x_refsource_confirm
http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24364
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33497
Scores
EPSS
0.0105
EPSS Percentile
59.8%
Details
CWE
CWE-362
Status
published
Products (1)
contelligent/c1_financial_services
9.1.4
Published
Mar 03, 2007
Tracked Since
Feb 18, 2026