PT-2007-5206 · Secure Computing · Secure Computing Securityreporter

Oliver Karow · Published 2007-07-25 · Updated 2017-07-29 · CVE-2007-3986

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3

Description: The issue allows remote attackers to bypass authentication in file.cgi. Supplying the eventcache directory together with a non-GIF file name through the name parameter causes the $dontvalidate variable to be set to true, so the request is not validated.

Recommendations: For Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3, consider restricting access to file.cgi to minimize the risk of exploitation until a patch is available. Avoid using the name parameter in the affected endpoint to prevent authentication bypass.


Related Identifiers

CVE-2007-3986

Affected Products

Secure Computing Securityreporter