Summary
This host is running PivotX and is prone to a data manipulation vulnerability.
Impact
Successful exploitation will allow remote attackers to gain privileges via unknown vectors.
Impact Level: Application.
Solution
Upgrade to PivotX version 2.2.5 or later.
For updates, refer to http://pivotx.net/
Insight
This issue is caused by an error in the 'Reset my password' feature, which could allow unauthenticated attackers to change the password of any account by guessing the username.
Affected
PivotX versions before 2.2.5
Severity
Classification
- CVE: CVE-2011-1035
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P