Lucene search
MitreCVE-2012-5930HistoryDec 24, 2012 - 6:55 p.m.
CVE-2012-5930
2012-12-2418:55:02
CWE-287
mitre
web.nvd.nist.gov
35
2
cve-2012-5930
netiq
privileged user manager
authentication bypass
remote attack
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.01
Percentile
83.5%
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
Affected configurations
Node
microfocusprivileged_user_managerMatch2.3.0
ORmicrofocusprivileged_user_managerMatch2.3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microfocus | privileged_user_manager | 2.3.0 | cpe:2.3:a:microfocus:privileged_user_manager:2.3.0:*:*:*:*:*:*:* |
| microfocus | privileged_user_manager | 2.3.1 | cpe:2.3:a:microfocus:privileged_user_manager:2.3.1:*:*:*:*:*:*:* |
References
Social References
More
Related
nessus
nessus
nvd
nvd
CVE-2012-5930
2012-12-24 18:55:02
prion
prion
Cross site request forgery (csrf)
2012-12-24 18:55:00
cvelist
cvelist
CVE-2012-5930
2012-12-24 18:00:00
exploitdb
exploitdb
openvas
openvas
Novell NetIQ Privileged User Manager RCE Vulnerability
2012-11-21 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.01
Percentile
83.5%
Related for CVE-2012-5930