Vulnerability Key Information

CVE ID: CVE-2009-0700
Vulnerability Type: Security Bypass

CVSS 2.0 Base Score: 5.5
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None

CVSS 2.0 Temporal Score: 4.8
- Exploitability: High
- Remediation Level: Official Fix
- Report Confidence: Confirmed

Impact: Bypass Security

Mitigation Recommendation: Upgrade to the latest version of BusinessManager (4.2 or higher), available from the Plonet website.

Affected Product: Plonet BusinessManager 4.1

External Links:
- BugTraq Mailing List, Wed Jan 07 2009 - 09:30:18 CST
- Plonet Web site
- BugTraq Mailing List, Fri Jan 09 2009 - 04:09:34 CST
- BID-33153

Description: Attackers can exploit this vulnerability by using the Pfad parameter or direct requests to bypass Access Control List (ACL) security restrictions, thereby gaining unauthorized access to customer, order, and job information.