SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Saleslogix | Best_software | * | * |
Saleslogix | Saleslogix_corporation | 2000.0 (including) | 2000.0 (including) |