FKIE_CVE-2017-5189

Vulnerability from fkie_nvd - Published: 2018-03-02 20:29 - Updated: 2024-11-21 03:27
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
References
security@opentext.comhttps://bugzilla.suse.com/show_bug.cgi?id=1021637
security@opentext.comhttps://www.netiq.com/support/kb/doc.php?id=7016795
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1021637
af854a3a-2127-422b-91ae-364da2661108https://www.netiq.com/support/kb/doc.php?id=7016795
Impacted products
Vendor Product Version
netiq imanager 2.7
netiq imanager 2.7.1
netiq imanager 2.7.2
netiq imanager 2.7.3
netiq imanager 2.7.4
netiq imanager 2.7.5
netiq imanager 2.7.6
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7.10
netiq imanager 2.7.7.10
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0.2
netiq imanager 3.0.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9044A0FA-BD4E-4041-B16A-0C70551C65F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94134CE0-B4A4-477B-99E7-87F34B0F2CED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB1AB4D-3906-4EDA-A514-FAE007A27095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA1AA-A933-4BB6-81F1-B803A2D12FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B58611-550D-408E-8104-71ACD4A19FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1842E298-D918-433F-9681-DF4AF9849029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93EB7FE-4A3A-4273-B5B5-CF6473C4D1F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p10:*:*:*:*:*:*",
              "matchCriteriaId": "46A640AB-5C61-4801-9EB3-DA4FD6C43FE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p11:*:*:*:*:*:*",
              "matchCriteriaId": "9B6B6F6C-1CD2-4823-A224-DDFAC5FD7C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "52355F37-8540-4868-A565-E2109DA7ABA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "C9B213A2-2BED-4D5F-86AA-E4FE29352E8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "B2413E8E-7B96-434D-BF9B-3C769F931157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p7:*:*:*:*:*:*",
              "matchCriteriaId": "A70BA4BB-6398-46C5-9E16-4536AAD30011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p8:*:*:*:*:*:*",
              "matchCriteriaId": "6644CB8E-DC8E-46F4-8EFF-CEF34EC40116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p9:*:*:*:*:*:*",
              "matchCriteriaId": "088DA16B-2DCA-4EA5-86BC-93796D9F0E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7.10:hf1:*:*:*:*:*:*",
              "matchCriteriaId": "7447ECD4-EA24-45F9-BF0D-971D074EAB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:2.7.7.10:hf2:*:*:*:*:*:*",
              "matchCriteriaId": "91F3BCB4-6160-48DA-8CFA-88BD1FED1C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0A8EC935-B012-4F5C-AF33-3438EEA18BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D3A86186-B039-4F7F-BE13-A5C2987C63B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "F0C76139-7684-4E41-B8BC-5D9DC6B47ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D9AF38F2-611C-4557-8CB8-FEA46F84A779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F68364C6-7A48-49E7-BC89-6DF5181EEF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
    },
    {
      "lang": "es",
      "value": "NetIQ iManager, en versiones anteriores a la 3.0.3, entregaba una clave privada SSL en una aplicaci\u00f3n Java (archivo JAR) para autenticaci\u00f3n en Sentinel, lo que permite que atacantes remotos extraigan y establezcan sus propias conexiones en la aplicaci\u00f3n de Sentinel."
    }
  ],
  "id": "CVE-2017-5189",
  "lastModified": "2024-11-21T03:27:13.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-02T20:29:00.380",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
    },
    {
      "source": "security@opentext.com",
      "url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "security@opentext.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.