CVE-2012-5930

2022-10-0316:15:30

CWE-287

[email protected]

web.nvd.nist.gov

cve-2012-5930

netiq

privileged user manager

authentication bypass

remote attack

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

7 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.0%

JSON

The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.

Affected configurations

NVD

Node

microfocusprivileged_user_managerMatch2.3.0

microfocusprivileged_user_managerMatch2.3.1

CPENameOperatorVersion
microfocus:privileged_user_managermicrofocus privileged user managereq2.3.0
microfocus:privileged_user_managermicrofocus privileged user managereq2.3.1

CPE	Name	Operator	Version
microfocus:privileged_user_manager	microfocus privileged user manager	eq	2.3.0
microfocus:privileged_user_manager	microfocus privileged user manager	eq	2.3.1