Unauthenticated Remote Administrative Access in AutoFORM PDM Archive

Unauthenticated Remote Administrative Access in AutoFORM PDM Archive

CVE-2012-1828 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function.

Learn more about our User Device Pen Test.