PT-2014-6436 · Adaptive Computing · Adaptive Computing Moab
Publicado
2014-10-08
·
Atualizado
2018-10-09
·
CVE-2014-5375
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Adaptive Computing Moab versions prior to 7.2.9
Adaptive Computing Moab version 8 before 8.0.0
Description
The issue arises from the server's failure to properly validate whether the message owner matches the submitting user. This allows remote authenticated users to impersonate arbitrary users by manipulating the
UserId and Owner tags.Recommendations
For Adaptive Computing Moab versions prior to 7.2.9, update to version 7.2.9 or later.
For Adaptive Computing Moab version 8 before 8.0.0, update to version 8.0.0 or later.
Exploit
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Adaptive Computing Moab