XSS vulnerabilities in iManager
CVE-2022-38758

7.2HIGH

Key Information:

Vendor: Micro Focus
Status: Netiq Imanager
Vendor: CVE Published:; 26 January 2023

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2022-38758?

A Cross-site Scripting (XSS) vulnerability exists in NetIQ iManager prior to version 3.2.6. This flaw allows attackers to inject and execute malicious scripts within the user's browser, potentially leading to unauthorized data access or manipulation. Organizations using affected versions should implement necessary patches and updates to safeguard their systems and user data against such attacks.

Affected Version(s)

NetIQ iManager ALL NetIQ iManager < 3.2.6

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Aug 25, 2022

Credit

Special thanks to Kajetan Rostojek for responsibly disclosing this information to us.