CVE-2004-2766

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 54.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Iplanet Messaging Server SUN ONE Messaging Server

Timeline

PublishedJan 28

Latest updateApr 29

Description

Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/iplanet_messaging_server5.2

▶NVDsun/one_messaging_server6.1

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-xf68-pxg8-qfjf: Webmail in Sun ONE Messaging Server 6↗2022-04-29

▶

CVEList

CVE-2004-2766: Webmail in Sun ONE Messaging Server 6↗2010-01-28

▶