CVE-2017-5189 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
microfocus	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
netiq	imanager	2.7
netiq	imanager	2.7.1
netiq	imanager	2.7.2
netiq	imanager	2.7.3
netiq	imanager	2.7.4
netiq	imanager	2.7.5
netiq	imanager	2.7.6
netiq	imanager	2.7.7:p10
netiq	imanager	2.7.7:p11
netiq	imanager	2.7.7:p4
netiq	imanager	2.7.7:p5
netiq	imanager	2.7.7:p6
netiq	imanager	2.7.7:p7
netiq	imanager	2.7.7:p8
netiq	imanager	2.7.7:p9
netiq	imanager	2.7.7.10:hf1
netiq	imanager	2.7.7.10:hf2
netiq	imanager	3.0
netiq	imanager	3.0:sp1
netiq	imanager	3.0:sp2
netiq	imanager	3.0:sp3
netiq	imanager	3.0:sp4
netiq	imanager	3.0.2:p1
netiq	imanager	3.0.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-522 - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://bugzilla.suse.com/show_bug.cgi?id=1021637

https://www.netiq.com/support/kb/doc.php?id=7016795

https://bugzilla.suse.com/show_bug.cgi?id=1021637

https://www.netiq.com/support/kb/doc.php?id=7016795