The host is installed with NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 and is prone to unspecified vulnerability. A flaw is present in the application, which fails to handle a crafted application/x-amf request that does not require authentication for the modifyAccounts method. Successful exploitation allows remote attackers to change the passwords of administrative accounts.