Main Vulnerability Database Vulnerabilities #VU43230

Input validation error in IdentityMinder - CVE-2012-6299

Published: December 26, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43230

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2012-6299

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: CA

Affected software:
IdentityMinder

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.

How to mitigate CVE-2012-6299

Install update from vendor's website.

Sources

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FBA53B61-3A68-4506-9876-F845F6DD8A93}

Input validation error in IdentityMinder - CVE-2012-6299

Detailed vulnerability description

How to mitigate CVE-2012-6299

Sources

Please verify you're human