CVE-2007-2690
CVE-2007-2690 is a high-severity vulnerability in Iss Proventia A Series Xpu with a CVSS 2.0 base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.8)
- EPSS exploit prediction: 2% (78th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Iss Proventia A Series Xpu
- Published:
- Last modified:
Description
Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
Frequently asked questions
- What is CVE-2007-2690?
- Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
- How severe is CVE-2007-2690?
- CVE-2007-2690 has a CVSS 2.0 base score of 7.8, rated high severity.
- Is CVE-2007-2690 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (78th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-2690?
- CVE-2007-2690 primarily affects Iss Proventia A Series Xpu. In total, 28 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-2690?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2007-2690 published?
- CVE-2007-2690 was published on 2007-05-16 and last updated on 2026-06-16.
References
- http://www.gamasec.net/english/gs07-01.html
- http://www.kb.cert.org/vuls/id/739224
- http://www.securityfocus.com/archive/1/468633/100/0/threaded
- http://www.securitytracker.com/id?1018068
Affected products (28)
- cpe:2.3:h:iss:proventia_a_series_xpu:*:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:20.11:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.1:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.2:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.3:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.4:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.5:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_a_series_xpu:22.6:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:*:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.1:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.2:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.3:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.4:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.5:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.6:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.7:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.8:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.9:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_g_series_xpu:22.10:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:*:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.1:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.2:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.3:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.4:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.5:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.6:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.7:*:*:*:*:*:*:*
- cpe:2.3:h:iss:proventia_m_series_xpu:1.8:*:*:*:*:*:*:*
More vulnerabilities in Iss Proventia A Series Xpu
- CVE-2004-0362 — High (CVSS 7.5): Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component,…
- CVE-2004-0193 — High (CVSS 7.5): Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network…
- CVE-2006-3840 — Medium (CVSS 5.0): The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including…