Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1929

CWE-119 — Buffer Overflow4 documents4 sources

Severity

9.0CRITICAL

EPSS

19.5%

top 4.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Imanager

Timeline

PublishedJun 28

Latest updateMay 14

Description

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/imanager2.7.0, 2.7.3+1

🔴Vulnerability Details

GHSA

GHSA-5whq-5j94-gxvc: Multiple stack-based buffer overflows in the jclient↗2022-05-14

▶

CVEList

CVE-2010-1929: Multiple stack-based buffer overflows in the jclient↗2010-06-28

▶

💥Exploits & PoCs

Exploit-DB

Novell iManager - Multiple Vulnerabilities↗2010-06-24

▶