CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-1999-1246

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/2068
http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

Products affected by CVE-1999-1246

Microsoft » Site Server » Version: 3.0

cpe:2.3:a:microsoft:site_server:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-1999-1246

Products

Pricing

Contact Us