vendor:
Enterprise Collaboration
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary HTML File Upload, Malicious File Download, Information Disclosure
79, 434, 200
CWE
Product Name: Enterprise Collaboration
Affected Version From: Hummingbird Enterprise Collaboration 5.2.1 and prior versions
Affected Version To: Hummingbird Enterprise Collaboration 5.2.1 and prior versions
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
Hummingbird Enterprise Collaboration Multiple Vulnerabilities
Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. The application reportedly allows remote attackers to upload arbitrary HTML files and script code to the application. Another vulnerability allows attackers to trick users into downloading potentially malicious files. An attacker may also disclose sensitive information about the server by sending specially crafted HTTP GET requests.
Mitigation:
Ensure that all software is up to date and patched with the latest security updates. Restrict access to the application to trusted users only.
