Authentication Bypass and Command Execution Vulnerability in SalesLogix 6.1

Authentication Bypass and Command Execution Vulnerability in SalesLogix 6.1

CVE-2004-1611 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.

Learn more about our Cis Benchmark Audit For Server Software.