PT-2014-6437 · Adaptive Computing · Adaptive Computing Moab

Publicado

2014-10-08

Atualizado

2018-10-09

CVE-2014-5376

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Adaptive Computing Moab versions prior to 7.2.9 Adaptive Computing Moab version 8 before 8.0.0

Description The issue allows remote authenticated users to impersonate arbitrary users via the actor field in a message, due to the lack of validation that the requesting user matches the actor in the message when a pre-generated key is used.

Recommendations For Adaptive Computing Moab versions prior to 7.2.9, update to version 7.2.9 or later. For Adaptive Computing Moab version 8 before 8.0.0, update to version 8.0.0 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2014-5376

Produtos afetados

Adaptive Computing Moab

PT-2014-6437 · Adaptive Computing · Adaptive Computing Moab

CVE-2014-5376

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6