Directory Traversal Vulnerability in Novell Access Manager Administration Console
CVE-2010-0284

Currently unrated

Key Information:

Vendor: Novell
Status: Access Manager
Vendor: CVE Published:; 18 June 2010

Summary

A directory traversal vulnerability exists in the getEntry method of the PortalModuleInstallManager component within the Administration Console of Novell Access Manager 3.1 prior to version 3.1.2-281. This vulnerability allows remote attackers to manipulate input parameters to create arbitrary files with specified content on the server. Exploiting this flaw could lead to unauthorized file creation and the execution of arbitrary code, compromising the integrity of the affected system.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/59528

vdb-entryx_refsource_XF

http://www.securitytracker.com/id?1024132

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/40198

third-party-advisoryx_refsource_SECUNIA

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 18, 2010
Vulnerability Reserved
Jan 12, 2010