CVE-2012-5932
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://www.netiq.com/support/kb/doc.php?id=7011385
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| microfocus | privileged_user_manager | 2.3.0 | |
| microfocus | privileged_user_manager | 2.3.1 | |
References
- http://download.novell.com/Download?buildid=K6-PmbPjduA~
- http://retrogod.altervista.org/9sg_novell_netiq_ii.htm
- http://retrogod.altervista.org/9sg_novell_netiq_ldapagnt_adv.htm
- https://www.netiq.com/support/kb/doc.php?id=7011385
- http://download.novell.com/Download?buildid=K6-PmbPjduA~
- http://retrogod.altervista.org/9sg_novell_netiq_ii.htm
- http://retrogod.altervista.org/9sg_novell_netiq_ldapagnt_adv.htm
- https://www.netiq.com/support/kb/doc.php?id=7011385
CWEs
CWE-94
Verify integrity in audit chain (admin only). AS-IS.