Sybase M-Business Anywhere multiple unknown details Remote Privilege Escalation Vulnerability

Release date: 2011-10-14
Updated on: 2011-11-03

Affected Systems:
Sybase M-Business Anywhere 7.0
Sybase M-Business Anywhere 6.7
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50145

Sybase's M-Business Anywhere provides a mobile content and application platform that delivers Web-based mobile content and applications to mobile devices.

Sybase M-Business Anywhere has two remote permission escalation vulnerabilities, which can be exploited by malicious users to gain elevated permissions.

The Sybase M-Business platform provides a desktop and mobile phone device client to access the backend M-Business Server. By default, users can register and create their own accounts. A vulnerability exists in the Web management interface. Regular users can log on and execute administrator commands without authentication.

<* Source: vendor

Link: https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php? Id = 952
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Sybase
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.sybase.com/products/allproductsa-z/m-businessanywhere