CVE-2012-5930
Summary
| CVE | CVE-2012-5930 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-12-24 18:55:00 UTC |
| Updated | 2021-04-13 16:46:00 UTC |
| Description | The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microfocus | Privileged User Manager | 2.3.0 | All | All | All |
| Application | Microfocus | Privileged User Manager | 2.3.1 | All | All | All |
| Application | Netiq | Privileged User Manager | 2.3.0 | All | All | All |
| Application | Netiq | Privileged User Manager | 2.3.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Error 404 :( | MISC | retrogod.altervista.org | Exploit |
| www.netiq.com/support/kb/doc.php | CONFIRM | www.netiq.com | Vendor Advisory |
| Downloads - Privileged User Manager 2.3.1 HF2 (2.3.1.2) | CONFIRM | download.novell.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.