Lucene search

[email protected]CVE-2017-5186

HistoryApr 27, 2017 - 2:59 p.m.

CVE-2017-5186

2017-04-2714:59:00

CWE-327

[email protected]

web.nvd.nist.gov

cve-2017-5186

novell

imanager

edirectory

netiq

md5

hashing algorithm

communication certificate

security vulnerability.

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

82.2%

JSON

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.

Affected configurations

NVD

Node

netiqedirectoryMatch9.0

netiqedirectoryMatch9.0.1

netiqedirectoryMatch9.0.2

netiqimanagerMatch3.0

netiqimanagerMatch3.0.1

netiqimanagerMatch3.0.2

novelledirectoryRange≤8.8sp8_patch9

novellimanagerRange≤2.7sp7_patch8

CPENameOperatorVersion
netiq:edirectorynetiq edirectoryeq9.0
netiq:edirectorynetiq edirectoryeq9.0.1
netiq:edirectorynetiq edirectoryeq9.0.2
netiq:imanagernetiq imanagereq3.0
netiq:imanagernetiq imanagereq3.0.1
netiq:imanagernetiq imanagereq3.0.2
novell:edirectorynovell edirectoryle8.8
novell:imanagernovell imanagerle2.7

CPE	Name	Operator	Version
netiq:edirectory	netiq edirectory	eq	9.0
netiq:edirectory	netiq edirectory	eq	9.0.1
netiq:edirectory	netiq edirectory	eq	9.0.2
netiq:imanager	netiq imanager	eq	3.0
netiq:imanager	netiq imanager	eq	3.0.1
netiq:imanager	netiq imanager	eq	3.0.2
novell:edirectory	novell edirectory	le	8.8
novell:imanager	novell imanager	le	2.7

CNA Affected

[
  {
    "product": "NetIQ/Novell iManager and eDirectory",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "NetIQ/Novell iManager and eDirectory"
      }
    ]
  }
]

References

bugzilla.novell.com/show_bug.cgi?id=1019041

bugzilla.novell.com/show_bug.cgi?id=1019789

bugzilla.novell.com/show_bug.cgi?id=988749

www.novell.com/support/kb/doc.php?id=3426981

www.novell.com/support/kb/doc.php?id=7010166

www.novell.com/support/kb/doc.php?id=7016794

www.novell.com/support/kb/doc.php?id=7016795

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2017-5186

prion1 nvd1 cvelist1 openvas1