Vulnerability Description
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Efstechnology | Autoform Pdm Archive | <= 7.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/49335
- http://www.kb.cert.org/vuls/id/773035US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8RQL83US Government Resource
- http://www.securityfocus.com/bid/53716
- http://secunia.com/advisories/49335
- http://www.kb.cert.org/vuls/id/773035US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8RQL83US Government Resource
- http://www.securityfocus.com/bid/53716
FAQ
What is CVE-2012-1828?
CVE-2012-1828 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledg...
How severe is CVE-2012-1828?
CVE-2012-1828 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1828?
Check the references section above for vendor advisories and patch information. Affected products include: Efstechnology Autoform Pdm Archive.