Description
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
Product(s):
- Novell Novell Internet Messaging System 2.6
- Novell Novell Internet Messaging System 3.0
- Novell NetMail 3.1
- Novell NetMail 3.5
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2298, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2298 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.