Search criteria
36 vulnerabilities found for iManager by NetIQ
FKIE_CVE-2022-38758
Vulnerability from fkie_nvd - Published: 2023-01-26 21:15 - Updated: 2024-11-21 07:17
Severity ?
7.2 (High) - CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A60425E-688A-4AAA-900B-A7F58E87B230",
"versionEndExcluding": "3.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user\u0027s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross site scripting (XSS) en NetIQ iManager anterior a la versi\u00f3n 3.2.6 permite a un atacante ejecutar scripts maliciosos en el navegador del usuario. Este problema afecta a: Micro Focus NetIQ iManager Versiones de NetIQ iManager anteriores a la 3.2.6 en TODOS."
}
],
"id": "CVE-2022-38758",
"lastModified": "2024-11-21T07:17:02.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 6.0,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:15:49.487",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12462
Vulnerability from fkie_nvd - Published: 2018-07-10 19:29 - Updated: 2024-11-21 03:45
Severity ?
4.8 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5339E5-0565-478C-9D33-1A821D0A904E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
},
{
"lang": "es",
"value": "NetIQ iManager 3.1.1 aborda vulnerabilidades de Cross-Site Scripting (XSS) potenciales."
}
],
"id": "CVE-2018-12462",
"lastModified": "2024-11-21T03:45:15.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-10T19:29:00.337",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1345
Vulnerability from fkie_nvd - Published: 2018-03-21 14:29 - Updated: 2024-11-21 03:59
Severity ?
5.9 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC39F2E6-9EE7-4FFC-9FDA-44C2E9AC42BC",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack."
},
{
"lang": "es",
"value": "NetIQ iManager, en versiones anteriores a la 3.1, podr\u00eda ser susceptible bajo ciertas circunstancias a un ataque de elevaci\u00f3n de privilegios."
}
],
"id": "CVE-2018-1345",
"lastModified": "2024-11-21T03:59:39.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 4.0,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-21T14:29:00.297",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1344
Vulnerability from fkie_nvd - Published: 2018-03-21 14:29 - Updated: 2024-11-21 03:59
Severity ?
3.1 (Low) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
8.6 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC39F2E6-9EE7-4FFC-9FDA-44C2E9AC42BC",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1"
},
{
"lang": "es",
"value": "Se trata de un potencial ataque de degradaci\u00f3n de comunicaciones en NetIQ iManager, en versiones anteriores a la 3.1."
}
],
"id": "CVE-2018-1344",
"lastModified": "2024-11-21T03:59:39.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-21T14:29:00.250",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1347
Vulnerability from fkie_nvd - Published: 2018-03-21 14:29 - Updated: 2024-11-21 03:59
Severity ?
5.3 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC39F2E6-9EE7-4FFC-9FDA-44C2E9AC42BC",
"versionEndExcluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting."
},
{
"lang": "es",
"value": "La interfaz web administrativa en NetIQ iManager, en versiones anteriores a la 3.1, es vulnerable a Cross-Site Scripting (XSS) reflejado."
}
],
"id": "CVE-2018-1347",
"lastModified": "2024-11-21T03:59:40.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-21T14:29:00.407",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/103492"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/103492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5189
Vulnerability from fkie_nvd - Published: 2018-03-02 20:29 - Updated: 2024-11-21 03:27
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | imanager | 2.7 | |
| netiq | imanager | 2.7.1 | |
| netiq | imanager | 2.7.2 | |
| netiq | imanager | 2.7.3 | |
| netiq | imanager | 2.7.4 | |
| netiq | imanager | 2.7.5 | |
| netiq | imanager | 2.7.6 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7 | |
| netiq | imanager | 2.7.7.10 | |
| netiq | imanager | 2.7.7.10 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0.2 | |
| netiq | imanager | 3.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9044A0FA-BD4E-4041-B16A-0C70551C65F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94134CE0-B4A4-477B-99E7-87F34B0F2CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DB1AB4D-3906-4EDA-A514-FAE007A27095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9CA1AA-A933-4BB6-81F1-B803A2D12FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56B58611-550D-408E-8104-71ACD4A19FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1842E298-D918-433F-9681-DF4AF9849029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EB7FE-4A3A-4273-B5B5-CF6473C4D1F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p10:*:*:*:*:*:*",
"matchCriteriaId": "46A640AB-5C61-4801-9EB3-DA4FD6C43FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p11:*:*:*:*:*:*",
"matchCriteriaId": "9B6B6F6C-1CD2-4823-A224-DDFAC5FD7C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p4:*:*:*:*:*:*",
"matchCriteriaId": "52355F37-8540-4868-A565-E2109DA7ABA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p5:*:*:*:*:*:*",
"matchCriteriaId": "C9B213A2-2BED-4D5F-86AA-E4FE29352E8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p6:*:*:*:*:*:*",
"matchCriteriaId": "B2413E8E-7B96-434D-BF9B-3C769F931157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p7:*:*:*:*:*:*",
"matchCriteriaId": "A70BA4BB-6398-46C5-9E16-4536AAD30011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p8:*:*:*:*:*:*",
"matchCriteriaId": "6644CB8E-DC8E-46F4-8EFF-CEF34EC40116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p9:*:*:*:*:*:*",
"matchCriteriaId": "088DA16B-2DCA-4EA5-86BC-93796D9F0E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7.10:hf1:*:*:*:*:*:*",
"matchCriteriaId": "7447ECD4-EA24-45F9-BF0D-971D074EAB4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:2.7.7.10:hf2:*:*:*:*:*:*",
"matchCriteriaId": "91F3BCB4-6160-48DA-8CFA-88BD1FED1C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0A8EC935-B012-4F5C-AF33-3438EEA18BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D3A86186-B039-4F7F-BE13-A5C2987C63B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F0C76139-7684-4E41-B8BC-5D9DC6B47ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "D9AF38F2-611C-4557-8CB8-FEA46F84A779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "F68364C6-7A48-49E7-BC89-6DF5181EEF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
},
{
"lang": "es",
"value": "NetIQ iManager, en versiones anteriores a la 3.0.3, entregaba una clave privada SSL en una aplicaci\u00f3n Java (archivo JAR) para autenticaci\u00f3n en Sentinel, lo que permite que atacantes remotos extraigan y establezcan sus propias conexiones en la aplicaci\u00f3n de Sentinel."
}
],
"id": "CVE-2017-5189",
"lastModified": "2024-11-21T03:27:13.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:00.380",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7425
Vulnerability from fkie_nvd - Published: 2017-11-06 17:29 - Updated: 2025-04-20 01:37
Severity ?
7.6 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:*:patch_10:*:*:*:*:*:*",
"matchCriteriaId": "32DC4B54-DDD2-4841-B235-42E0F23C6427",
"versionEndIncluding": "2.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05BB70E3-58EA-43EC-BB10-A382A7405601",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
},
{
"lang": "es",
"value": "Existen m\u00faltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2."
}
],
"id": "CVE-2017-7425",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-06T17:29:00.387",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7431
Vulnerability from fkie_nvd - Published: 2017-05-03 05:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0.1 | |
| netiq | imanager | 3.0.2 | |
| netiq | imanager | 3.0.2.1 | |
| netiq | imanager | 3.0.3 | |
| netiq | imanager | 3.0.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B982AA70-B5BA-4E56-8DBE-15EEC0A70DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3D39CE17-0383-4078-8600-C07F9E943699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF8877DA-0E30-40C7-9506-8B07A42C76A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "584A6436-0480-4EC8-8129-DFD3CFFF10A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C62EA146-9EFC-4CDC-96A7-E44CC0744B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch1:*:*:*:*:*:*",
"matchCriteriaId": "155397A8-932C-40EC-B763-AC39D5B8B736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch2:*:*:*:*:*:*",
"matchCriteriaId": "7DBD982A-EF73-403E-B486-BBECBCE606BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch3:*:*:*:*:*:*",
"matchCriteriaId": "096ADACF-B48F-4636-B141-4D680F498A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch4:*:*:*:*:*:*",
"matchCriteriaId": "724BD98B-2407-4B8D-8892-A39B965249BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "8F0B8EAE-210E-4AB8-9373-B8FC1216C056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F265DEB1-0DA8-41B4-8F83-617C64C42BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "10A72CB5-EC86-431F-9DE6-861FB314434A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_1:*:*:*:*:*:*",
"matchCriteriaId": "F62A4826-99FB-4255-960E-74FC427A92B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_10:*:*:*:*:*:*",
"matchCriteriaId": "EDD11B88-EB75-48DE-BB17-7B57ABE85973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "86B6883E-4A18-4AFD-9B3A-F994F7EB6DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "141E6087-B64F-46E1-A2AF-D7E78D55D3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "274A55F9-1143-43C4-9A9A-346FFDF37910",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "0024EE9F-22EB-4506-B31C-5A96EF3856F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "539F5CF0-CE59-4771-8A22-A8CC8374ECEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_7:*:*:*:*:*:*",
"matchCriteriaId": "33EA7239-B6FF-494D-8F93-2612A15C1DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_8:*:*:*:*:*:*",
"matchCriteriaId": "1C4392D2-CE7F-4788-90F9-9AD636FC49E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_9:*:*:*:*:*:*",
"matchCriteriaId": "E641A85F-2B46-420B-AF9E-AD22D8BD348B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B44FED3-A5D0-4F0D-AD4F-329152057627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A555C67-FE51-414D-B93A-42DEC732EAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F06556-00E1-40B1-97B9-E0574DC4B597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDB7A9D-A03D-458D-87CA-EF9440ABA86E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management."
},
{
"lang": "es",
"value": "Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen un CSRF persistente en la gesti\u00f3n de objetos."
}
],
"id": "CVE-2017-7431",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-03T05:59:00.313",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024963"
},
{
"source": "security@opentext.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030692"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7428
Vulnerability from fkie_nvd - Published: 2017-05-03 05:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B44FED3-A5D0-4F0D-AD4F-329152057627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A555C67-FE51-414D-B93A-42DEC732EAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F06556-00E1-40B1-97B9-E0574DC4B597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDB7A9D-A03D-458D-87CA-EF9440ABA86E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat."
},
{
"lang": "es",
"value": "NetIQ iManager 3.x antes de 3.0.3.1 tiene un problema en la renegociaci\u00f3n de los par\u00e1metros de conexi\u00f3n con Tomcat."
}
],
"id": "CVE-2017-7428",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-03T05:59:00.203",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1029431"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1029431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7430
Vulnerability from fkie_nvd - Published: 2017-05-03 05:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0.1 | |
| netiq | imanager | 3.0.2 | |
| netiq | imanager | 3.0.2.1 | |
| netiq | imanager | 3.0.3 | |
| netiq | imanager | 3.0.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B982AA70-B5BA-4E56-8DBE-15EEC0A70DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3D39CE17-0383-4078-8600-C07F9E943699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF8877DA-0E30-40C7-9506-8B07A42C76A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "584A6436-0480-4EC8-8129-DFD3CFFF10A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C62EA146-9EFC-4CDC-96A7-E44CC0744B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch1:*:*:*:*:*:*",
"matchCriteriaId": "155397A8-932C-40EC-B763-AC39D5B8B736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch2:*:*:*:*:*:*",
"matchCriteriaId": "7DBD982A-EF73-403E-B486-BBECBCE606BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch3:*:*:*:*:*:*",
"matchCriteriaId": "096ADACF-B48F-4636-B141-4D680F498A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch4:*:*:*:*:*:*",
"matchCriteriaId": "724BD98B-2407-4B8D-8892-A39B965249BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "8F0B8EAE-210E-4AB8-9373-B8FC1216C056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F265DEB1-0DA8-41B4-8F83-617C64C42BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "10A72CB5-EC86-431F-9DE6-861FB314434A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_1:*:*:*:*:*:*",
"matchCriteriaId": "F62A4826-99FB-4255-960E-74FC427A92B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_10:*:*:*:*:*:*",
"matchCriteriaId": "EDD11B88-EB75-48DE-BB17-7B57ABE85973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "86B6883E-4A18-4AFD-9B3A-F994F7EB6DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "141E6087-B64F-46E1-A2AF-D7E78D55D3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "274A55F9-1143-43C4-9A9A-346FFDF37910",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "0024EE9F-22EB-4506-B31C-5A96EF3856F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "539F5CF0-CE59-4771-8A22-A8CC8374ECEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_7:*:*:*:*:*:*",
"matchCriteriaId": "33EA7239-B6FF-494D-8F93-2612A15C1DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_8:*:*:*:*:*:*",
"matchCriteriaId": "1C4392D2-CE7F-4788-90F9-9AD636FC49E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_9:*:*:*:*:*:*",
"matchCriteriaId": "E641A85F-2B46-420B-AF9E-AD22D8BD348B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B44FED3-A5D0-4F0D-AD4F-329152057627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A555C67-FE51-414D-B93A-42DEC732EAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F06556-00E1-40B1-97B9-E0574DC4B597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDB7A9D-A03D-458D-87CA-EF9440ABA86E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework."
},
{
"lang": "es",
"value": "Novell iManager en versiones 2.7.x anteriores a la 2.7 SP7 Patch 10 HF1 y NetIQ iManager versiones 3.x anteriores a la 3.0.3.1 presentan una vulnerabilidad de XSS persistente en el Framework."
}
],
"id": "CVE-2017-7430",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-03T05:59:00.267",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"source": "security@opentext.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7432
Vulnerability from fkie_nvd - Published: 2017-05-03 05:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| novell | imanager | 2.7 | |
| netiq | imanager | 3.0 | |
| netiq | imanager | 3.0.1 | |
| netiq | imanager | 3.0.2 | |
| netiq | imanager | 3.0.2.1 | |
| netiq | imanager | 3.0.3 | |
| netiq | imanager | 3.0.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B982AA70-B5BA-4E56-8DBE-15EEC0A70DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3D39CE17-0383-4078-8600-C07F9E943699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BF8877DA-0E30-40C7-9506-8B07A42C76A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "584A6436-0480-4EC8-8129-DFD3CFFF10A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C62EA146-9EFC-4CDC-96A7-E44CC0744B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch1:*:*:*:*:*:*",
"matchCriteriaId": "155397A8-932C-40EC-B763-AC39D5B8B736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch2:*:*:*:*:*:*",
"matchCriteriaId": "7DBD982A-EF73-403E-B486-BBECBCE606BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch3:*:*:*:*:*:*",
"matchCriteriaId": "096ADACF-B48F-4636-B141-4D680F498A49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp4_patch4:*:*:*:*:*:*",
"matchCriteriaId": "724BD98B-2407-4B8D-8892-A39B965249BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp5:*:*:*:*:*:*",
"matchCriteriaId": "8F0B8EAE-210E-4AB8-9373-B8FC1216C056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F265DEB1-0DA8-41B4-8F83-617C64C42BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7:*:*:*:*:*:*",
"matchCriteriaId": "10A72CB5-EC86-431F-9DE6-861FB314434A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_1:*:*:*:*:*:*",
"matchCriteriaId": "F62A4826-99FB-4255-960E-74FC427A92B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_10:*:*:*:*:*:*",
"matchCriteriaId": "EDD11B88-EB75-48DE-BB17-7B57ABE85973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "86B6883E-4A18-4AFD-9B3A-F994F7EB6DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "141E6087-B64F-46E1-A2AF-D7E78D55D3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "274A55F9-1143-43C4-9A9A-346FFDF37910",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "0024EE9F-22EB-4506-B31C-5A96EF3856F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "539F5CF0-CE59-4771-8A22-A8CC8374ECEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_7:*:*:*:*:*:*",
"matchCriteriaId": "33EA7239-B6FF-494D-8F93-2612A15C1DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_8:*:*:*:*:*:*",
"matchCriteriaId": "1C4392D2-CE7F-4788-90F9-9AD636FC49E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:novell:imanager:2.7:sp7_patch_9:*:*:*:*:*:*",
"matchCriteriaId": "E641A85F-2B46-420B-AF9E-AD22D8BD348B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B44FED3-A5D0-4F0D-AD4F-329152057627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A555C67-FE51-414D-B93A-42DEC732EAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54F06556-00E1-40B1-97B9-E0574DC4B597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:imanager:3.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDB7A9D-A03D-458D-87CA-EF9440ABA86E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability."
},
{
"lang": "es",
"value": "Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen una vulnerabilidad de carga de webshell."
}
],
"id": "CVE-2017-7432",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-03T05:59:00.360",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"source": "security@opentext.com",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-38758 (GCVE-0-2022-38758)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-03-27 20:15
VLAI?
Summary
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
Severity ?
7.2 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ iManager |
Affected:
NetIQ iManager , < 3.2.6
(custom)
|
Credits
Special thanks to Kajetan Rostojek for responsibly disclosing this information to us.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:15:16.517246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:15:28.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ iManager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.2.6",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user\u0027s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS vulnerabilities in iManager",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.2.6 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38758",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-03-27T20:15:28.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12462 (GCVE-0-2018-12462)
Vulnerability from cvelistv5 – Published: 2018-07-10 19:00 – Updated: 2024-09-16 18:56
VLAI?
Summary
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Severity ?
4.8 (Medium)
CWE
- NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1.1",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:36",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetIQ iManager XSS vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-02T05:00:00.000Z",
"ID": "CVE-2018-12462",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager XSS vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "NetIQ iManager",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12462",
"datePublished": "2018-07-10T19:00:00Z",
"dateReserved": "2018-06-15T00:00:00",
"dateUpdated": "2024-09-16T18:56:13.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1344 (GCVE-0-2018-1344)
Vulnerability from cvelistv5 – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI?
Summary
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
Severity ?
CWE
- communication downgrade
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "iManager versions prior to 3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "communication downgrade",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ iManager Communication Downgrade Attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1344",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager Communication Downgrade Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "iManager versions prior to 3.1",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "communication downgrade"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1344",
"datePublished": "2018-03-21T14:00:00",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-08-05T03:59:38.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1345 (GCVE-0-2018-1345)
Vulnerability from cvelistv5 – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI?
Summary
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
Severity ?
5.9 (Medium)
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "prior to version 3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "iManager elevation of privilege",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1345",
"STATE": "PUBLIC",
"TITLE": "iManager elevation of privilege"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "prior to version 3.1",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1345",
"datePublished": "2018-03-21T14:00:00",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-08-05T03:59:38.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1347 (GCVE-0-2018-1347)
Vulnerability from cvelistv5 – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI?
Summary
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.
Severity ?
5.3 (Medium)
CWE
- Reflected XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"name": "103492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "iManager prior to (3.1)",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"name": "103492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103492"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ iManager, versions prior to 3.1, reflected XSS issue ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1347",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager, versions prior to 3.1, reflected XSS issue "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "iManager prior to (3.1)",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"name": "103492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103492"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1347",
"datePublished": "2018-03-21T14:00:00",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-08-05T03:59:38.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5189 (GCVE-0-2017-5189)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:59
VLAI?
Summary
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
Severity ?
4.3 (Medium)
CWE
- Exposure of secret credentials in user exposed data
- CWE-522
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of secret credentials in user exposed data",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"source": {
"defect": [
"1021637"
],
"discovery": "UNKNOWN"
},
"title": "private SSL key embedded in JAR file in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-04-01T00:00:00.000Z",
"ID": "CVE-2017-5189",
"STATE": "PUBLIC",
"TITLE": "private SSL key embedded in JAR file in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of secret credentials in user exposed data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1021637",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
]
},
"source": {
"defect": [
"1021637"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5189",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:59:02.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7425 (GCVE-0-2017-7425)
Vulnerability from cvelistv5 – Published: 2017-11-06 17:00 – Updated: 2024-08-05 16:04
VLAI?
Summary
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
Severity ?
7.6 (High)
CWE
- XSS
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ Corporation | NetIQ iManager |
Affected:
2.7.7 Patch 10 HF2
Affected: 3.0.3.2 |
Credits
Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process..
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ iManager",
"vendor": "NetIQ Corporation",
"versions": [
{
"status": "affected",
"version": "2.7.7 Patch 10 HF2"
},
{
"status": "affected",
"version": "3.0.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process.."
}
],
"datePublic": "2017-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
],
"title": "Multiple Reflected XSS in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-7425",
"STATE": "PUBLIC",
"TITLE": "Multiple Reflected XSS in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ iManager",
"version": {
"version_data": [
{
"version_value": "2.7.7 Patch 10 HF2"
},
{
"version_value": "3.0.3.2"
}
]
}
}
]
},
"vendor_name": "NetIQ Corporation"
}
]
}
},
"credit": [
"Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process.."
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7021423",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"name": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
]
},
"solution": "See 2.7.7.10 release notes located here: https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html \nSee 3.0.3.2 release notes located here: https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7425",
"datePublished": "2017-11-06T17:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7430 (GCVE-0-2017-7430)
Vulnerability from cvelistv5 – Published: 2017-05-03 05:13 – Updated: 2024-08-05 16:04
VLAI?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 |
Affected:
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
],
"datePublic": "2017-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2017-7430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"version": {
"version_data": [
{
"version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1024959",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1030691",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7430",
"datePublished": "2017-05-03T05:13:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7432 (GCVE-0-2017-7432)
Vulnerability from cvelistv5 – Published: 2017-05-03 05:13 – Updated: 2024-08-05 16:04
VLAI?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
Severity ?
No CVSS data available.
CWE
- webshell upload
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 |
Affected:
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
],
"datePublic": "2017-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "webshell upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-7432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"version": {
"version_data": [
{
"version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "webshell upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1027619",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7432",
"datePublished": "2017-05-03T05:13:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7431 (GCVE-0-2017-7431)
Vulnerability from cvelistv5 – Published: 2017-05-03 05:13 – Updated: 2024-08-05 16:04
VLAI?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
Severity ?
No CVSS data available.
CWE
- CSRF
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 |
Affected:
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030692"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
],
"datePublic": "2017-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:27",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030692"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-7431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"version": {
"version_data": [
{
"version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1024963",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024963"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1030692",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030692"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7431",
"datePublished": "2017-05-03T05:13:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38758 (GCVE-0-2022-38758)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-03-27 20:15
VLAI?
Summary
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
Severity ?
7.2 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ iManager |
Affected:
NetIQ iManager , < 3.2.6
(custom)
|
Credits
Special thanks to Kajetan Rostojek for responsibly disclosing this information to us.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:15:16.517246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:15:28.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ iManager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.2.6",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user\u0027s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS vulnerabilities in iManager",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.2.6 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38758",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-03-27T20:15:28.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12462 (GCVE-0-2018-12462)
Vulnerability from nvd – Published: 2018-07-10 19:00 – Updated: 2024-09-16 18:56
VLAI?
Summary
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Severity ?
4.8 (Medium)
CWE
- NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1.1",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:36",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetIQ iManager XSS vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-02T05:00:00.000Z",
"ID": "CVE-2018-12462",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager XSS vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "NetIQ iManager",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12462",
"datePublished": "2018-07-10T19:00:00Z",
"dateReserved": "2018-06-15T00:00:00",
"dateUpdated": "2024-09-16T18:56:13.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1344 (GCVE-0-2018-1344)
Vulnerability from nvd – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI?
Summary
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
Severity ?
CWE
- communication downgrade
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "iManager versions prior to 3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "communication downgrade",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ iManager Communication Downgrade Attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1344",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager Communication Downgrade Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "iManager versions prior to 3.1",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "communication downgrade"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1344",
"datePublished": "2018-03-21T14:00:00",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-08-05T03:59:38.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1345 (GCVE-0-2018-1345)
Vulnerability from nvd – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI?
Summary
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
Severity ?
5.9 (Medium)
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "prior to version 3.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "iManager elevation of privilege",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1345",
"STATE": "PUBLIC",
"TITLE": "iManager elevation of privilege"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "prior to version 3.1",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1345",
"datePublished": "2018-03-21T14:00:00",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-08-05T03:59:38.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1347 (GCVE-0-2018-1347)
Vulnerability from nvd – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI?
Summary
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.
Severity ?
5.3 (Medium)
CWE
- Reflected XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"name": "103492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "iManager prior to (3.1)",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"name": "103492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103492"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ iManager, versions prior to 3.1, reflected XSS issue ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1347",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager, versions prior to 3.1, reflected XSS issue "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "iManager prior to (3.1)",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html"
},
{
"name": "103492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103492"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to iManager 3.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1347",
"datePublished": "2018-03-21T14:00:00",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-08-05T03:59:38.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5189 (GCVE-0-2017-5189)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:59
VLAI?
Summary
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
Severity ?
4.3 (Medium)
CWE
- Exposure of secret credentials in user exposed data
- CWE-522
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of secret credentials in user exposed data",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"source": {
"defect": [
"1021637"
],
"discovery": "UNKNOWN"
},
"title": "private SSL key embedded in JAR file in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-04-01T00:00:00.000Z",
"ID": "CVE-2017-5189",
"STATE": "PUBLIC",
"TITLE": "private SSL key embedded in JAR file in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of secret credentials in user exposed data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1021637",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
]
},
"source": {
"defect": [
"1021637"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5189",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:59:02.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7425 (GCVE-0-2017-7425)
Vulnerability from nvd – Published: 2017-11-06 17:00 – Updated: 2024-08-05 16:04
VLAI?
Summary
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
Severity ?
7.6 (High)
CWE
- XSS
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ Corporation | NetIQ iManager |
Affected:
2.7.7 Patch 10 HF2
Affected: 3.0.3.2 |
Credits
Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process..
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ iManager",
"vendor": "NetIQ Corporation",
"versions": [
{
"status": "affected",
"version": "2.7.7 Patch 10 HF2"
},
{
"status": "affected",
"version": "3.0.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process.."
}
],
"datePublic": "2017-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
],
"title": "Multiple Reflected XSS in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-7425",
"STATE": "PUBLIC",
"TITLE": "Multiple Reflected XSS in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ iManager",
"version": {
"version_data": [
{
"version_value": "2.7.7 Patch 10 HF2"
},
{
"version_value": "3.0.3.2"
}
]
}
}
]
},
"vendor_name": "NetIQ Corporation"
}
]
}
},
"credit": [
"Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process.."
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7021423",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"name": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
]
},
"solution": "See 2.7.7.10 release notes located here: https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html \nSee 3.0.3.2 release notes located here: https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7425",
"datePublished": "2017-11-06T17:00:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7430 (GCVE-0-2017-7430)
Vulnerability from nvd – Published: 2017-05-03 05:13 – Updated: 2024-08-05 16:04
VLAI?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 |
Affected:
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.272Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
],
"datePublic": "2017-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2017-7430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"version": {
"version_data": [
{
"version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1024959",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1030691",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691"
},
{
"name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7430",
"datePublished": "2017-05-03T05:13:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7432 (GCVE-0-2017-7432)
Vulnerability from nvd – Published: 2017-05-03 05:13 – Updated: 2024-08-05 16:04
VLAI?
Summary
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
Severity ?
No CVSS data available.
CWE
- webshell upload
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 |
Affected:
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
],
"datePublic": "2017-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "webshell upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-7432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
"version": {
"version_data": [
{
"version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "webshell upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1027619",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1027619"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~",
"refsource": "CONFIRM",
"url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7432",
"datePublished": "2017-05-03T05:13:00",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-08-05T16:04:11.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}