VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2009-4879
access_manager: The Identity Server in Novell Access Manager before...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4879

Original

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-26
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-27




Affected Product Tags
cpe:/a:novell:access_manager:3
cpe:/a:novell:access_manager:3.1 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html




SECTRACK 1022581




Vulnerability Type Authentication Issues (CWE-287)




Copyright © 2010 JPCERT/CC All Rights Reserved.