Novell iManager < 2.7 SP1 Property Book Pages Arbitrary Plug-in Studio Deletion

medium Nessus Plugin ID 33867

Synopsis

The remote web server is affected by a security bypass vulnerability.

Description

Novell iManager is installed on the remote host. The installed version of iManager reportedly does not perform sufficient access control checks on 'Property Book Pages' created with Plug-in Studio before granting a user delete privileges on them.

Solution

Upgrade to Novell iManager 2.7 SP1 (iManager 2.7.1).

See Also

http://www.nessus.org/u?225c9e63

Plugin Details

Severity: Medium

ID: 33867

File Name: novell_imgr_security_bypass_vuln.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 8/12/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

Required KB Items: www/novell_imanager

Exploit Ease: No known exploits are available

Patch Publication Date: 7/31/2008

Reference Information

CVE: CVE-2008-3488

BID: 30497

CWE: 264

Secunia: 31333