GOnicus System Administrator Unauthorized Data Manipulation Vulnerability

Bugtraq ID:	22075
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 16 2007 12:00AM
Updated:	Jan 16 2007 10:20PM
Credit:	The vendor reported this issue.
Vulnerable:	GONiCUS System Administrator 2.5.7 GONiCUS System Administrator 2.5.6 GONiCUS System Administrator 2.5.5 GONiCUS System Administrator 2.5.4 GONiCUS System Administrator 2.5.3 GONiCUS System Administrator 2.5.2 GONiCUS System Administrator 2.5.1 GONiCUS System Administrator 2.5 GONiCUS System Administrator 2.4beta3 GONiCUS System Administrator 2.4beta2 GONiCUS System Administrator 2.4beta1 GONiCUS System Administrator 2.4 GONiCUS System Administrator 2.3
Not Vulnerable:	GONiCUS System Administrator 2.5.8

GOnicus System Administrator Unauthorized Data Manipulation Vulnerability

GOnicus System Administrator is prone to a vulnerability that may allow an attacker to manipulate certain settings and object values.

An attacker can exploit this issue to manipulate settings and other values in the affected application, which may allow the attacker to gain administrative access to the affected application.

This issue affects versions prior to 2.5.8.

GOnicus System Administrator Unauthorized Data Manipulation Vulnerability

An attacker can exploit this issue through a web client.

GOnicus System Administrator Unauthorized Data Manipulation Vulnerability

Solution:
The vendor has released an update to address this issue. Please see the references for more information.

GOnicus System Administrator Unauthorized Data Manipulation Vulnerability

References:

• GOnicus System Administrator Homepage (GONICUS)
  
• GOsa2 changelog (GONICUS)