Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2012-5930
Last Modified: 08 Jan 2013 12:00:00
Published: 24 Dec 2012 01:55:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5930

Summary

The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.

Vulnerable Systems

Application

  • NetIQ Privileged User Manager 2.3.0
  • NetIQ Privileged User Manager 2.3.1


References

CONFIRM - https://www.netiq.com/support/kb/doc.php?id=7011385

MISC - http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm

MISC - http://retrogod.altervista.org/9sg_novell_netiq_i.htm

CONFIRM - http://download.novell.com/Download?buildid=K6-PmbPjduA~


Last Updated: 27 May 2016 10:58:31