Eval Injection Vulnerability in NetIQ Privileged User Manager
CVE-2012-5932

Currently unrated

Key Information:

Vendor

Microfocus
Status
Privileged User Manager
Vendor
CVE Published:
24 December 2012

What is CVE-2012-5932?

The eval injection vulnerability in the ldapagnt_eval function causes severe security risks within the NetIQ Privileged User Manager. In versions prior to 2.3.1 HF2, this flaw allows remote attackers to execute arbitrary Perl code by sending specially crafted application/x-amf requests. This issue poses significant threats to systems utilizing this software, making it essential for users to apply patches and sample best practices in order to mitigate potential unauthorized access and control.

References

http://download.novell.com/Download?buildid=K6-PmbPjduA~
x_refsource_CONFIRM
https://www.netiq.com/support/kb/doc.php?id=7011385
x_refsource_CONFIRM
http://retrogod.altervista.org/9sg_novell_netiq_ii.htm
x_refsource_MISC

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.