PT-2012-6204 · Netiq · Netiq Privileged User Manager

Published 2012-12-24 · Updated 2021-04-13 · CVE-2012-5932

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

NetIQ Privileged User Manager versions 2.3.x through 2.3.1 before HF2

Description

The issue allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request. This is due to an eval injection vulnerability in the ldapagnt eval function in ldapagnt.dll in unifid.exe.

Recommendations

For versions 2.3.x through 2.3.1 before HF2, update to version 2.3.1 HF2 to resolve the issue. As a temporary workaround, consider restricting access to the ldapagnt eval function in ldapagnt.dll to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2012-5932

Affected Products

Netiq Privileged User Manager