CVE-2016-1598

5.4MEDIUM

Key Information

Vendor
Novell
Status
NetIQ IDM 4.5 Identity Applications before 4.5.4
Vendor
CVE Published:
27 October 2016

Summary

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.

Affected Version(s)

NetIQ IDM 4.5 Identity Applications before 4.5.4 = NetIQ IDM 4.5 Identity Applications before 4.5.4

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.