Vulnerability Details : CVE-2007-1249

MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.

Published 2007-03-03 20:19:00

Updated 2017-07-29 01:30:42

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-1249

Probability of exploitation activity in the next 30 days: 1.98%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-1249

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2007-1249

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: [email protected] (Primary)

References for CVE-2007-1249

Products affected by CVE-2007-1249

Contelligent » C1 Financial Services » Version: 9.1.4
cpe:2.3:a:contelligent:c1_financial_services:9.1.4:*:*:*:*:*:*:*
Matching versions