Directory Traversal Vulnerability in NetIQ Privileged User Manager
CVE-2012-5931

Currently unrated

Key Information:

Vendor: Microfocus
Status: Privileged User Manager
Vendor: CVE Published:; 24 December 2012

What is CVE-2012-5931?

A directory traversal vulnerability exists in the set_log_config function within regclnt.dll used by NetIQ Privileged User Manager versions prior to 2.3.1 HF2. This allows authenticated remote users to execute directory traversal sequences in a log path, enabling them to create or overwrite files on the server. Proper validation of file paths is critical to prevent these types of vulnerabilities.

References

http://download.novell.com/Download?buildid=K6-PmbPjduA~

x_refsource_CONFIRM

https://www.netiq.com/support/kb/doc.php?id=7011385

x_refsource_CONFIRM

http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 24, 2012

Microfocus

What is CVE-2012-5931?

References

Timeline