Cross-Site Scripting in NetIQ IDM 4.5 Identity Applications by Novell
CVE-2016-1598

5.4MEDIUM

Key Information:

Vendor: Novell
Status: NetIQ IDM 4.5 Identity Applications before 4.5.4
Vendor: CVE Published:; 27 October 2016

What is CVE-2016-1598?

A cross-site scripting (XSS) vulnerability exists in NetIQ IDM 4.5 Identity Applications prior to version 4.5.4. This vulnerability allows attackers to manipulate their usernames and inject arbitrary HTML code into the Role Assignment administrator HTML pages. If exploited, this could lead to unauthorized access and compromise the integrity of the application, posing significant risks to users and the organization.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NetIQ IDM 4.5 Identity Applications before 4.5.4 NetIQ IDM 4.5 Identity Applications before 4.5.4

References

http://www.securityfocus.com/bid/93833

vdb-entryx_refsource_BID

https://download.novell.com/Download?buildid=xyswDCMsT7I~

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 27, 2016
Vulnerability Reserved
Jan 12, 2016

JSON

Novell