CVE-2010-1929

2010-06-2817:30:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.611

Percentile

97.9%

JSON

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

Affected configurations

Nvd

Node

novellimanagerMatch2.7.0

novellimanagerMatch2.7.3

novellimanagerMatch2.7.3ftf2

VendorProductVersionCPE
novellimanager2.7.0cpe:2.3:a:novell:imanager:2.7.0:*:*:*:*:*:*:*
novellimanager2.7.3cpe:2.3:a:novell:imanager:2.7.3:*:*:*:*:*:*:*
novellimanager2.7.3cpe:2.3:a:novell:imanager:2.7.3:ftf2:*:*:*:*:*:*

Vendor	Product	Version	CPE
novell	imanager	2.7.0	cpe:2.3:a:novell:imanager:2.7.0:::::::*
novell	imanager	2.7.3	cpe:2.3:a:novell:imanager:2.7.3:::::::*
novell	imanager	2.7.3	cpe:2.3:a:novell:imanager:2.7.3:ftf2::::::