CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-6714

DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.8%

CVSS Severity

CVSS v2 Score 6.8

References

http://dbmail.org/index.php?page=news&id=44
http://osvdb.org/44561
http://secunia.com/advisories/29903
http://secunia.com/advisories/29937
http://secunia.com/advisories/29984
http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html
http://www.securityfocus.com/bid/28849
http://www.securitytracker.com/id?1019914
http://www.vupen.com/english/advisories/2008/1321/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html
http://dbmail.org/index.php?page=news&id=44
http://osvdb.org/44561
http://secunia.com/advisories/29903
http://secunia.com/advisories/29937
http://secunia.com/advisories/29984
http://www.gentoo.org/security/en/glsa/glsa-200804-24.xml
http://www.mail-archive.com/dbmail-dev%40dbmail.org/msg09942.html
http://www.securityfocus.com/bid/28849
http://www.securitytracker.com/id?1019914
http://www.vupen.com/english/advisories/2008/1321/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41907
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00549.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00585.html

Products affected by CVE-2007-6714

Dbmail » Dbmail » Version: 2.2.6

cpe:2.3:a:dbmail:dbmail:2.2.6
Dbmail » Dbmail » Version: 2.2.7

cpe:2.3:a:dbmail:dbmail:2.2.7
Dbmail » Dbmail » Version: 2.2.8

cpe:2.3:a:dbmail:dbmail:2.2.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-6714

Products

Pricing

Contact Us