CVE-2008-2380 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 UNKNOWN	NETWORK	HIGH		AV:N/AC:H/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 68%

Vendor	Product	Version
courier-mta	courtier-authlib	0.52
courier-mta	courtier-authlib	0.53
courier-mta	courtier-authlib	0.54
courier-mta	courtier-authlib	0.55
courier-mta	courtier-authlib	0.56
courier-mta	courtier-authlib	0.57
courier-mta	courtier-authlib	0.58
courier-mta	courtier-authlib	0.59
courier-mta	courtier-authlib	0.59.1
courier-mta	courtier-authlib	0.59.2
courier-mta	courtier-authlib	0.59.3
courier-mta	courtier-authlib	0.60
courier-mta	courtier-authlib	0.60.1
courier-mta	courtier-authlib	0.60.2
courier-mta	courtier-authlib	0.60.3
courier-mta	courtier-authlib	0.60.4
courier-mta	courtier-authlib	0.60.5
courier-mta	courtier-authlib	0.60.6
courier-mta	courtier-authlib	0.61.0
courier-mta	courtier-authlib	0.61.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

courier-authlib

bullseye	0.71.1-2 fixed
bookworm	0.71.4-1 fixed
sid	0.71.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

courier-authlib

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	ignored
intrepid	ignored
hardy	ignored
gutsy	ignored
dapper	dne

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://osvdb.org/50811

http://secunia.com/advisories/33235

http://secunia.com/advisories/34234

http://security.gentoo.org/glsa/glsa-200903-25.xml

http://www.courier-mta.org/authlib/changelog.html

http://www.securityfocus.com/bid/32926

https://exchange.xforce.ibmcloud.com/vulnerabilities/47494

http://osvdb.org/50811

http://secunia.com/advisories/33235

http://secunia.com/advisories/34234

http://security.gentoo.org/glsa/glsa-200903-25.xml

http://www.courier-mta.org/authlib/changelog.html

http://www.securityfocus.com/bid/32926

https://exchange.xforce.ibmcloud.com/vulnerabilities/47494