Vulnerability Details : CVE-2014-4509
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.
Exploit prediction scoring system (EPSS) score for CVE-2014-4509
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~6%
CVSS scores for CVE-2014-4509
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
References for CVE-2014-4509
- http://download.novell.com/Download?buildid=5XLmBl54_Rg~
  Downloads - IDM 4.5 - 4.0.2b Fan-Out Core-Windows & Linux and Platform 3.6.1.29Patch
- http://www.securityfocus.com/bid/68139
  Novell Identity Manager 'Fan-Out Platform' Services Local Command Injection Vulnerability (Third Party Advisory; VDB Entry)
Products affected by CVE-2014-4509
- cpe:2.3:a:netiq:identity_manager:4.0.2:*:*:*:*:*:*:*