|
UltraApps Issue Manager Privilege Escalation Vulnerability
|
|
Secunia Advisory:
|
SA18174
|
|
|
Release Date:
|
2005-12-21
|
|
Last Update:
|
2006-01-13
|
|
Popularity:
|
4,547 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | UltraApps Issue Manager 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-4453
|
|
Description:
Information Risk Management Plc. has reported a vulnerability in UltraApps Issue Manager, which can be exploited by malicious users to gain escalated privileges.
The vulnerability is caused due to an error in the authentication process. This can be exploited to gain administrative privileges by modifying the "p_User_user_id", "User_user_id", and "User_pass" parameters.
The vulnerability has been reported in version 2.1. Other versions may also be affected.
Solution:
The vulnerability has reportedly been fixed in a patch available from the vendor.
Provided and/or discovered by:
Rodrigo Marcos and Andy Davis, Information Risk Management Plc.
Changelog:
2006-01-13: Added CVE reference.
Original Advisory:
http://www.irmplc.com/advisory013.htm
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
