Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Unrestricted File Upload Remote Code Execution Vulnerability in Admin Console (CVE-2018-1342/ZDI-CAN-5088)

This document (7022444) is provided subject to the disclaimer at the end of this document.

Environment


Access Manager 4.3
Access Manager 4.4
Administration Console
CVE-2018-1342
ZDI-CAN-5088

Situation

Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server (CVE-2018-1342)

Resolution

Fixed in 4.3.3 and 4.4.0 hf1.

Thanks to Ariele Caltabiano (kimiya) and rgod for identifying issue and working with Trend Micro's Zero Day Initiative

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7022444
  • Creation Date:08-DEC-17
  • Modified Date:26-JAN-18
    • NetIQAccess Manager (NAM)

Did this document solve your problem? Provide Feedback