CVE-2025-10847
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: Symantec Corporation
Description
Description
DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| symantec | nimsoft_uim | 4.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the robot (controller) component of DX Unified Infrastructure Management (Nimsoft/UIM) and below, where improper Access Control List (ACL) handling allows a remote attacker to execute commands, read from, or write to the target system.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can remotely execute commands and access or modify data on the affected system, potentially leading to unauthorized control, data breaches, or system compromise.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70