CVE-2012-5930

{"id": "CVE-2012-5930", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-24T18:55:02.337", "references": [{"url": "http://download.novell.com/Download?buildid=K6-PmbPjduA~", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/9sg_novell_netiq_i.htm", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.netiq.com/support/kb/doc.php?id=7011385", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://download.novell.com/Download?buildid=K6-PmbPjduA~", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://retrogod.altervista.org/9sg_novell_netiq_i.htm", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.netiq.com/support/kb/doc.php?id=7011385", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request."}, {"lang": "es", "value": "La funci\u00f3n pa_modify_accounts en auth.dll en unifid.exe en NetIQ Privileged User Manager v2.3.x antes de v2.3.1 HF2 no requiere autenticaci\u00f3n para el m\u00e9todo modifyAccounts, lo que permite a atacantes remotos cambiar las contrase\u00f1as de cuentas administrativas a trav\u00e9s de una petici\u00f3n application/x-amf hecha a mano.\r\n"}], "lastModified": "2024-11-21T01:45:32.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:privileged_user_manager:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2902077-EE48-49F3-92C7-F27F843C5148"}, {"criteria": "cpe:2.3:a:microfocus:privileged_user_manager:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477A0628-E118-4595-9E59-BFACB94D953F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}