Description
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/34514
Exploit, Vendor Advisory x_refsource_misc
http://www.sec-consult.com/289.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1727
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468048/100/0/threaded
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25212
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2689
Scores
EPSS
0.0154
EPSS Percentile
72.0%
Details
CWE
CWE-200
Status
published
Products (5)
nokia/groupwise_mobile_server
nokia/intellisync_mobile_suite
6.4.31.2
nokia/intellisync_mobile_suite
6.6.0.107
nokia/intellisync_mobile_suite
6.6.2.2
nokia/intellisync_wireless_email_express
Published
May 11, 2007
Tracked Since
Feb 18, 2026