Code injection

2018-03-0220:29:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.2%

JSON

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

CPENameOperatorVersion
identity_managerlt4.5.6.1

CPE	Name	Operator	Version
	identity_manager	lt	4.5.6.1

References

bugzilla.suse.com/show_bug.cgi?id=1049143

download.novell.com/Download?buildid=K7lbPAGJyIk~