Ventia DeskNow Multiple Remote Vulnerabilities (deprecated)

medium Nessus Network Monitor Plugin ID 2586

Synopsis

The remote Ventia DeskNow server allows unauthorized access to local files and email.

Description

The remote host is running Ventia DeskNow Mail And Collaboration Server. Ventia DeskNow allows multiple users to chat, share files, collaborate and more via a central Ventia DeskNow server. There is a flaw with the version of DeskNow that allows files to be modified on the local server, email to be tampered with, and other flaws.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.desknow.com

Plugin Details

Severity: Medium

ID: 2586

Family: Web Servers

Published: 2/2/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.3

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-0332

BID: 12421