PT-2014-6436 · Adaptive Computing · Adaptive Computing Moab

Published

2014-10-08

Updated

2018-10-09

CVE-2014-5375

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Adaptive Computing Moab versions prior to 7.2.9 Adaptive Computing Moab version 8 before 8.0.0

Description The issue arises from the server's failure to properly validate whether the message owner matches the submitting user. This allows remote authenticated users to impersonate arbitrary users by manipulating the UserId and Owner tags.

Recommendations For Adaptive Computing Moab versions prior to 7.2.9, update to version 7.2.9 or later. For Adaptive Computing Moab version 8 before 8.0.0, update to version 8.0.0 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-5375

Affected Products

Adaptive Computing Moab

PT-2014-6436 · Adaptive Computing · Adaptive Computing Moab

CVE-2014-5375

Weakness Enumeration

Related Identifiers

Affected Products

References · 6