Description
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by rgod · textremotewindows
https://www.exploit-db.com/exploits/22737
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://download.novell.com/Download?buildid=K6-PmbPjduA~
Vendor Advisory x_refsource_confirm
https://www.netiq.com/support/kb/doc.php?id=7011385
Various Sources x_refsource_misc
http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm
Scores
EPSS
0.0471
EPSS Percentile
89.5%
Details
CWE
CWE-22
Status
published
Products (2)
microfocus/privileged_user_manager
2.3.0
microfocus/privileged_user_manager
2.3.1
Published
Dec 24, 2012
Tracked Since
Feb 18, 2026