Skip to main content

Edirectory CVE-2014-5213

MEDIUM
Information Exposure (CWE-200)
2014-12-19 cve@mitre.org
4.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 19, 2014 - 18:59 cve.org
MEDIUM 4.0

DescriptionCVE.org

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

AnalysisAI

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request. Affected products include: Novell Edirectory. Version information: before 8.8.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2012-0432 CRITICAL POC
10.0 Dec 25

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at

CVE-2016-9167 HIGH
7.5 Mar 23

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, whi

CVE-2017-5186 HIGH
7.5 Apr 27

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch

CVE-2016-5747 HIGH
7.5 Mar 23

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 a

CVE-2018-17950 HIGH
7.5 Dec 12

Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2. Rated high severity (CVSS 7.5), this vulne

CVE-2018-7686 HIGH
7.5 Aug 09

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. Rated high severity (

CVE-2018-12461 HIGH
7.5 Jul 10

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Rated high severity (CVSS 7.5),

CVE-2018-1346 HIGH
7.5 Mar 21

Addresses denial of service attack to eDirectory versions prior to 9.1. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2014-5212 MEDIUM
4.3 Dec 19

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allo

CVE-2016-9168 MEDIUM
6.5 Mar 23

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by r

CVE-2012-0430 MEDIUM
6.4 Dec 25

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote

CVE-2018-17952 MEDIUM
6.1 Dec 12

Cross site scripting vulnerability in eDirectory prior to 9.1 SP2. Rated medium severity (CVSS 6.1), this vulnerability

Share

CVE-2014-5213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy