PT-2014-6437 · Adaptive Computing · Adaptive Computing Moab

Published

2014-10-08

Updated

2018-10-09

CVE-2014-5376

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Adaptive Computing Moab versions prior to 7.2.9 Adaptive Computing Moab version 8 before 8.0.0

Description The issue allows remote authenticated users to impersonate arbitrary users via the actor field in a message, due to the lack of validation that the requesting user matches the actor in the message when a pre-generated key is used.

Recommendations For Adaptive Computing Moab versions prior to 7.2.9, update to version 7.2.9 or later. For Adaptive Computing Moab version 8 before 8.0.0, update to version 8.0.0 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-5376

Affected Products

Adaptive Computing Moab

PT-2014-6437 · Adaptive Computing · Adaptive Computing Moab

CVE-2014-5376

Weakness Enumeration

Related Identifiers

Affected Products

References · 6