Info

Disclosure

Jul 10, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Quest Foglight contains a flaw that is triggered when the program fails to properly restrict access to multiple administrator pages. This may allow a remote attacker to bypass authentication and perform administrative actions.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

The vendor has indicated that this will be fixed in the next major release as of 2012-07-10, but has not given exact details.

Products

Quest Software, Inc.	Foglight	5.5.5
		5.6.4

References

Secunia Advisory ID: 49908
Vendor URL: http://www.quest.com/
http://www.quest.com/
Vendor Specific Advisory URL: https://support.quest.com/Search/SolutionDetail.aspx?id=SOL94677&category=Solutions&SKB=1

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/83742

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Quest Software, Inc.

Foglight

References

Credit