CVE-2014-5213

Published: Dec 19, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

Affected (1)

Products: Novell: Edirectory

Novell

1 product

Edirectory

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Novell Edirectory	Up to 8.8

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://www.securityfocus.com/archive/1/534284

Source: cve@mitre.org

http://www.securitytracker.com/id/1031408

Source: cve@mitre.org

https://bugzilla.novell.com/show_bug.cgi?id=904135

Source: cve@mitre.org

https://www.novell.com/support/kb/doc.php?id=3426981

Source: cve@mitre.org

Vendor Advisory

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141219-0_NetIQ_eDirectory_iMonitor_XSS_Memory_Disclosure_v10.txt

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/534284