Intellisync Mobile Suite CVE-2007-2590 Information Disclosure Vulnerability

Intellisync Mobile Suite CVE-2007-2590 Information Disclosure Vulnerability

Intellisync Mobile Suite is prone to a information disclosure vulnerability. Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.