Lucene search

MicrofocusCVELIST:CVE-2017-9278

HistorySep 01, 2017 - 12:00 a.m.

CVE-2017-9278 Avoid password disclosure via EBS event logging in the iManager Oracle driver

2017-09-0100:00:00

CWE-532

microfocus

www.cve.org

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

CNA Affected

[
  {
    "product": "Identity Manager Oracle EBS driver",
    "vendor": "NetIQ",
    "versions": [
      {
        "lessThan": "4.0.2.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1053200

download.novell.com/Download?buildid=DKFkx_xPeaw~

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVELIST:CVE-2017-9278