ID de Prueba:	1.3.6.1.4.1.25623.1.0.802043
Categoría:	Web application abuses
Título:	Novell NetIQ Privileged User Manager RCE Vulnerability
Resumen:	Novell NetIQ Privileged User Manager is prone to a remote code execution (RCE) vulnerability.
Descripción:	Summary: Novell NetIQ Privileged User Manager is prone to a remote code execution (RCE) vulnerability. Vulnerability Insight: The flaws are due to an error in the 'ldapagnt' and 'auth' module due to not restricting access to certain methods, which can be exploited to execute perl code by passing arbitrary arguments to the Perl 'eval()' function via HTTP POST requests and attacker can change administrative credentials using the 'modifyAccounts()' function via HTTP POST requests. Vulnerability Impact: Successful exploitation will allow attackers to execute perl code and change administrative credentials. Affected Software/OS: Novell NetIQ Privileged User Manager 2.3.0 and 2.3.1. Solution: Apply NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2) or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5930 http://retrogod.altervista.org/9sg_novell_netiq_i.htm http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm Common Vulnerability Exposure (CVE) ID: CVE-2012-5931 Common Vulnerability Exposure (CVE) ID: CVE-2012-5932 http://retrogod.altervista.org/9sg_novell_netiq_ii.htm http://retrogod.altervista.org/9sg_novell_netiq_ldapagnt_adv.htm
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.