MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

An application on the remote host has multiple vulnerabilities.

Description :

The version of Forefront Unified Access Gateway (UAG) running on the
remote host has multiple vulnerabilities :

- An unspecified redirection spoofing vulnerability, which
could result in users being redirected from the UAG server
to a similar-looking, malicious server. (CVE-2010-2732)

- An unspecified non-persistent XSS in UAG.
(CVE-2010-2733)

- An unspecified non-persistent XSS in the UAG Mobile
Portal Website. (CVE-2010-2734)

- An unspecified non-persistent XSS in Signurl.asp.
(CVE-2010-3936)

See also :

http://technet.microsoft.com/en-us/security/bulletin/MS10-089

Solution :

Microsoft has released a set of patches for UAG 2010, UAG 2010 Update
1, and UAG 2010 Update 2.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 50530

Bugtraq ID: 44631, 44632, 44633, 44634

CVE ID: CVE-2010-2732, CVE-2010-2733, CVE-2010-2734, CVE-2010-3936