CVE-2012-1827 - Dozier Brushes

Description

The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements which allows remote authenticated users to perform database operations via a SOAP request as demonstrated by the initializeQueryDatabase2 request.

Reference

http://www.kb.cert.org/vuls/id/773035 http://www.kb.cert.org/vuls/id/MAPG-8RQL83 http://secunia.com/advisories/49335 http://www.securityfocus.com/bid/53716