CVE-2012-5930

Published: 24/12/2012 Updated: 13/04/2021
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x prior to 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote malicious users to change the passwords of administrative accounts via a crafted application/x-amf request.

Vulnerable Product

microfocus privileged user manager 2.3.0

microfocus privileged user manager 2.3.1

Exploits

Novell NetIQ Privileged User Manager 2.3.1 auth.dll pa_modify_accounts() Remote Code Execution (pre auth / SYSTEM privileges)

Tested against: Microsoft Windows 2003 r2 sp2
download url: download.novell.com/index.jsp (search "Privileged User Manager")
file tested: NetIQ-PUM-2.3.1.iso (decompress and launch netiq_pum_manager_2.3.1_x86.msi) ...