Lucene search

MicrofocusCVELIST:CVE-2017-7426

HistoryAug 03, 2017 - 12:00 a.m.

CVE-2017-7426 iManager - XML External Entity vulnerabilities

2017-08-0300:00:00

microfocus

www.cve.org

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.

CNA Affected

[
  {
    "product": "Identity Manager Plug-ins",
    "vendor": "NetIQ",
    "versions": [
      {
        "lessThan": "4.6.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.novell.com/support/kb/doc.php?id=7021173

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVELIST:CVE-2017-7426