Lucene search

[email protected]CVE-2001-1254

HistoryMay 03, 2002 - 4:00 a.m.

CVE-2001-1254

2002-05-0304:00:00

[email protected]

web.nvd.nist.gov

cve-2001-1254

com2001 alexis

internetpbx

password exposure

web access component

port 8888

cybersecurity.

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.6%

JSON

Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.

Affected configurations

NVD

Node

com2001alexis_serverMatch2.0

com2001alexis_serverMatch2.1

CPENameOperatorVersion
com2001:alexis_servercom2001 alexis servereq2.0
com2001:alexis_servercom2001 alexis servereq2.1

CPE	Name	Operator	Version
com2001:alexis_server	com2001 alexis server	eq	2.0
com2001:alexis_server	com2001 alexis server	eq	2.1

References

online.securityfocus.com/archive/1/217200

www.securityfocus.com/bid/3373

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.6%

JSON

Related for CVE-2001-1254

cvelist1 nvd1