CVE-2006-5428 - Vulnerability Details - OpenCVE

rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cerberus	Cerberus Helpdesk

Configuration 1 [-]

cpe:2.3:a:cerberus:cerberus_helpdesk:3.2.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://forum.cerberusweb.com/showthread.php?t=7922
http://secunia.com/advisories/22418
http://www.securityfocus.com/bid/20598
http://www.vupen.com/english/advisories/2006/4089
https://exchange.xforce.ibmcloud.com/vulnerabilities/29655

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-20T17:00:00

Updated: 2024-08-07T19:48:30.557Z

Reserved: 2006-10-20T00:00:00

Link: CVE-2006-5428

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-10-20T17:07:00.000

Modified: 2024-11-21T00:19:12.120

Link: CVE-2006-5428

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://forum.cerberusweb.com/showthread.php?t=7922"}, {"name": "22418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22418"}, {"name": "ADV-2006-4089", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4089"}, {"name": "20598", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20598"}, {"name": "cerberushelpdesk-rpc-information-disclosure(29655)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29655"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5428", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://forum.cerberusweb.com/showthread.php?t=7922", "refsource": "CONFIRM", "url": "http://forum.cerberusweb.com/showthread.php?t=7922"}, {"name": "22418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22418"}, {"name": "ADV-2006-4089", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4089"}, {"name": "20598", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20598"}, {"name": "cerberushelpdesk-rpc-information-disclosure(29655)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29655"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:48:30.557Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://forum.cerberusweb.com/showthread.php?t=7922"}, {"name": "22418", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22418"}, {"name": "ADV-2006-4089", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4089"}, {"name": "20598", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20598"}, {"name": "cerberushelpdesk-rpc-information-disclosure(29655)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29655"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5428", "datePublished": "2006-10-20T17:00:00", "dateReserved": "2006-10-20T00:00:00", "dateUpdated": "2024-08-07T19:48:30.557Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cerberus:cerberus_helpdesk:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F8A240E-429C-4DB9-B989-97C733617864", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request."}, {"lang": "es", "value": "rpc.php en Cerberus Helpdesk 3.2.1 no verifica los privilegios de un cliente para una operaci\u00f3n display_get_requesters, lo cual permite a un atacante remoto evitar la validaci\u00f3n GUI y obtener informaci\u00f3n sensible (ticket data) a trav\u00e9s de una respuesta directa."}], "id": "CVE-2006-5428", "lastModified": "2024-11-21T00:19:12.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-20T17:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://forum.cerberusweb.com/showthread.php?t=7922"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22418"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20598"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4089"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forum.cerberusweb.com/showthread.php?t=7922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29655"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}