Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NetIQ Privileged User Manager 管理密码更改身份验证绕过漏洞
Vulnerability Description
NetIQ Privileged User Manager是安全访问UNIX、Linux和Windows系统的解决方案。 NetIQ Privileged User Manager 2.3.1 HF2之前的2.3.x版本中的unifid.exe中的auth.dll中的pa_modify_accounts函数中存在漏洞,该漏洞源于不需要验证modifyAccounts方法。通过特制的application/x-amf请求,远程攻击者利用该漏洞更改管理账户的密码。
CVSS Information
N/A
Vulnerability Type
N/A