CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2014-05-08 06:55:04.000-04
Last Modified2014-05-16 12:26:31.000-04

Vulnerable Software List

VendorProductVersions
Caldera Caldera 9.20

References

SourceLink
CERT-VNVU#693092
BID67254