Summaryinfo

A vulnerability was found in Isode M-Link 14.6/15.1. It has been declared as critical. This issue affects some unknown processing of the component XMPP Server Dialback. Such manipulation leads to input validation. This vulnerability is uniquely identified as CVE-2012-4669. No exploit exists. It is recommended to upgrade the affected component.

Detailsinfo

A vulnerability was found in Isode M-Link 14.6/15.1. It has been rated as critical. Affected by this issue is some unknown processing of the component XMPP Server Dialback. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality, and integrity. CVE summarizes:

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

The weakness was disclosed 08/25/2012 (Website). The advisory is available at xmpp.org. This vulnerability is handled as CVE-2012-4669 since 08/25/2012. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.

Upgrading to version 14.6 eliminates this vulnerability.

The entries VDB-6093 and VDB-61804 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Isode

Name

• M-Link

Version

• 14.6
• 15.1

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion