Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRgod and kimiyaZDI-18-131
HistoryJan 19, 2018 - 12:00 a.m.

Novell NetIQ Access Manager OspUIBasicSSODownload Servlet fileInfo1 Directory Traversal Information Disclosure Vulnerability

2018-01-1900:00:00
rgod and kimiya
www.zerodayinitiative.com
520

0.616 Medium

EPSS

Percentile

97.8%

JSON

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadBasicSSOServlet servlet. When parsing the fileInfo1 parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Related

checkpoint_advisories 1
nvd 1
cvelist 1
cve 1
prion 1
checkpoint_advisories
checkpoint_advisories
NetIQ Access Manager Directory Traversal (CVE-2017-14803)
2022-10-24 00:00:00
nvd
nvd
CVE-2017-14803
2018-01-20 00:29:00
cvelist
cvelist
CVE-2017-14803
2017-12-08 00:00:00
cve
cve
CVE-2017-14803
2018-01-20 00:29:00
prion
prion
Design/Logic Flaw
2018-01-20 00:29:00

0.616 Medium

EPSS

Percentile

97.8%

JSON
Related for ZDI-18-131
checkpoint_advisories1nvd1cvelist1cve1prion1