Lucene search

[email protected]CVE-2017-7431

HistoryMay 03, 2017 - 5:59 a.m.

CVE-2017-7431

2017-05-0305:59:00

CWE-352

[email protected]

web.nvd.nist.gov

novell

imanager

netiq

csrf

object management

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

Affected configurations

NVD

Node

novellimanagerMatch2.7

novellimanagerMatch2.7sp1

novellimanagerMatch2.7sp2

novellimanagerMatch2.7sp3

novellimanagerMatch2.7sp4

novellimanagerMatch2.7sp4_patch1

novellimanagerMatch2.7sp4_patch2

novellimanagerMatch2.7sp4_patch3

novellimanagerMatch2.7sp4_patch4

novellimanagerMatch2.7sp5

novellimanagerMatch2.7sp6

novellimanagerMatch2.7sp7

novellimanagerMatch2.7sp7_patch_1

novellimanagerMatch2.7sp7_patch_10

novellimanagerMatch2.7sp7_patch_2

novellimanagerMatch2.7sp7_patch_3

novellimanagerMatch2.7sp7_patch_4

novellimanagerMatch2.7sp7_patch_5

novellimanagerMatch2.7sp7_patch_6

novellimanagerMatch2.7sp7_patch_7

novellimanagerMatch2.7sp7_patch_8

novellimanagerMatch2.7sp7_patch_9

Node

netiqimanagerMatch3.0

netiqimanagerMatch3.0.1

netiqimanagerMatch3.0.2

netiqimanagerMatch3.0.2.1

netiqimanagerMatch3.0.3

netiqimanagerMatch3.0.3.1

CPENameOperatorVersion
novell:imanagernovell imanagereq2.7

CPE	Name	Operator	Version
novell:imanager	novell imanager	eq	2.7

CNA Affected

[
  {
    "product": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1"
      }
    ]
  }
]

References

bugzilla.novell.com/show_bug.cgi?id=1024963

bugzilla.novell.com/show_bug.cgi?id=1030692

dl.netiq.com/Download?buildid=24FxpmqdThE~

dl.netiq.com/Download?buildid=wpS1UqIlx-o~

www.netiq.com/support/kb/doc.php?id=7016795

www.novell.com/support/kb/doc.php?id=7010166

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for CVE-2017-7431

prion1 cvelist1 nvd1