Vulnerability Details CVE-2007-1249
MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.8%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/33497
- http://secunia.com/advisories/24364
- http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4
- http://www.securityfocus.com/bid/22785
- http://www.vupen.com/english/advisories/2007/0814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
- http://osvdb.org/33497
- http://secunia.com/advisories/24364
- http://www.contelligent.com/contell/cms/c1web/contelligent/site/contelligent/changelog.html?fromRelease=9.1.4
- http://www.securityfocus.com/bid/22785
- http://www.vupen.com/english/advisories/2007/0814
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32775
Products affected by CVE-2007-1249
-
cpe:2.3:a:contelligent:c1_financial_services:9.1.4