Vulnerability Description
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Privileged User Manager | 2.3.0 |
Related Weaknesses (CWE)
References
- http://download.novell.com/Download?buildid=K6-PmbPjduA~
- http://retrogod.altervista.org/9sg_novell_netiq_i.htmExploit
- http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htmExploit
- https://www.netiq.com/support/kb/doc.php?id=7011385Vendor Advisory
- http://download.novell.com/Download?buildid=K6-PmbPjduA~
- http://retrogod.altervista.org/9sg_novell_netiq_i.htmExploit
- http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htmExploit
- https://www.netiq.com/support/kb/doc.php?id=7011385Vendor Advisory
FAQ
What is CVE-2012-5930?
CVE-2012-5930 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote att...
How severe is CVE-2012-5930?
CVE-2012-5930 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5930?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Privileged User Manager.