Serena TeamTrack 6.1.1 Information Disclosure and Cross-Site Scripting Vulnerability

Serena TeamTrack 6.1.1 Information Disclosure and Cross-Site Scripting Vulnerability

CVE-2004-2563 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

Learn more about our User Device Pen Test.