CVE-2007-2590

Nokia Intellisync Mobile Suite - Info Disclosure

Title source: llm
STIX 2.1

Description

Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34514
Exploit, Vendor Advisory x_refsource_misc
http://www.sec-consult.com/289.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1727
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468048/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25212
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2689

Scores

EPSS 0.0154
EPSS Percentile 72.0%

Details

CWE
CWE-200
Status published
Products (5)
nokia/groupwise_mobile_server
nokia/intellisync_mobile_suite 6.4.31.2
nokia/intellisync_mobile_suite 6.6.0.107
nokia/intellisync_mobile_suite 6.6.2.2
nokia/intellisync_wireless_email_express
Published May 11, 2007
Tracked Since Feb 18, 2026