Sybase Pylon Anywhere groupware synchronization unauthorized access
pylon-groupware-unauth-access (25989)
Description:
Pylon Anywhere could allow a remote attacker to obtain sensitive information, caused by an unspecified vulnerability in the groupware synchronization server. An attacker with a valid account could exploit this vulnerability to access other users' email and PIM data.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest version of Pylon Anywhere (7.0 or later) or apply the patch for this vulnerability, available from the Sybase, Inc. Web site. See References.
References:
- Sybase, Inc. Web site: Urgent from Sybase: Possible security vulnerability Pylon Anywhere.
- BID-17677: Sybase Pylon Anywhere Unauthorized Access Vulnerability
- CVE-2006-1997: Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.
- SA19784: Pylon Anywhere Access Restriction Bypass Vulnerability
- VUPEN/ADV-2006-1477: Pylon Anywhere Email and PIM Data Access Restriction Bypass Vulnerability
Platforms Affected:
- Sybase Pylon Anywhere 5.5.4
- Sybase Pylon Anywhere 6.2.1
- Sybase Pylon Anywhere 6.3.2
- Sybase Pylon Anywhere 6.4.2
- Sybase Pylon Anywhere 6.4.8
- Sybase Pylon Anywhere 6.4.9
Reported:
Apr 19, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
