Persistent XSS Vulnerability in Novell and NetIQ iManager Products
CVE-2017-7430

6.1MEDIUM

Key Information:

Vendor
Novell
Status
Novell Imanager 2.7.x Before 2.7 Sp7 Patch 10 Hf1 And Netiq Imanager 3.x Before 3.0.3.1
Vendor
CVE Published:
3 May 2017

Summary

Novell iManager versions 2.7.x prior to 2.7 SP7 Patch 10 HF1 and NetIQ iManager versions 3.x prior to 3.0.3.1 are susceptible to a persistent Cross-Site Scripting (XSS) vulnerability in their Framework component. This flaw allows attackers to inject malicious scripts that can be executed in the context of the affected user’s session. The vulnerability poses significant risks to user data integrity and confidentiality. Organizations using these versions are strongly encouraged to apply the latest patches and updates to safeguard their systems.

Affected Version(s)

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1

References

https://bugzilla.novell.com/show_bug.cgi?id=1024959
x_refsource_CONFIRM
https://www.novell.com/support/kb/doc.php?id=7010166
x_refsource_CONFIRM
https://dl.netiq.com/Download?buildid=24FxpmqdThE~
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.