Unauthorized Access Vulnerability in NetIQ Privileged User Manager
CVE-2012-5930

Currently unrated

Key Information:

Vendor: Microfocus
Status: Privileged User Manager
Vendor: CVE Published:; 24 December 2012

What is CVE-2012-5930?

The pa_modify_accounts function in auth.dll within unifid.exe in NetIQ Privileged User Manager versions 2.3.x before 2.3.1 HF2 lacks proper authentication checks for the modifyAccounts method. This vulnerability enables remote attackers to execute crafted application/x-amf requests, allowing them to modify the passwords of administrative accounts without needing prior authentication.

References

http://download.novell.com/Download?buildid=K6-PmbPjduA~

x_refsource_CONFIRM

https://www.netiq.com/support/kb/doc.php?id=7011385

x_refsource_CONFIRM

http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 24, 2012

Microfocus

What is CVE-2012-5930?

References

Timeline