
Test ID: 1.3.6.1.4.1.25623.1.0.802043
Category: Web application abuses
Title: Novell NetIQ Privileged User Manager RCE Vulnerability
Summary: Novell NetIQ Privileged User Manager is prone to a remote code execution (RCE) vulnerability.
Description:

Vulnerability Insight:
The flaws are due to an error in the 'ldapagnt' and 'auth' modules, which do
not restrict access to certain methods. This can be exploited to execute
Perl code by passing arbitrary arguments to the Perl 'eval()' function
via HTTP POST requests, and an attacker can change administrative credentials
using the 'modifyAccounts()' function via HTTP POST requests.

Vulnerability Impact:
Successful exploitation will allow attackers to execute Perl code and
change administrative credentials.

Affected Software/OS:
Novell NetIQ Privileged User Manager 2.3.0 and 2.3.1.

Solution:
Apply NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2) or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-5930
http://retrogod.altervista.org/9sg_novell_netiq_i.htm
http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm
Common Vulnerability Exposure (CVE) ID: CVE-2012-5931
Common Vulnerability Exposure (CVE) ID: CVE-2012-5932
http://retrogod.altervista.org/9sg_novell_netiq_ii.htm
http://retrogod.altervista.org/9sg_novell_netiq_ldapagnt_adv.htm
Copyright: Copyright (C) 2012 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.