Lucene search

MicrofocusCVELIST:CVE-2022-38758

HistoryJan 25, 2023 - 12:00 a.m.

CVE-2022-38758 XSS vulnerabilities in iManager

2023-01-2500:00:00

CWE-79

microfocus

www.cve.org

cve-2022-38758

cross-site scripting

netiq imanager

7.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

27.3%

JSON

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user’s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

CNA Affected

[
  {
    "vendor": "Micro Focus",
    "product": "NetIQ iManager",
    "versions": [
      {
        "version": "NetIQ iManager",
        "status": "affected",
        "lessThan": "3.2.6",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "ALL"
    ]
  }
]

References

www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html

7.2 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVELIST:CVE-2022-38758