CVE-2017-7427

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
microfocusCNA
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
netiqidentity_manager
2.7.7.7 ≤
𝑥
< 4.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=1033828
https://www.novell.com/support/kb/doc.php?id=7021423
https://bugzilla.suse.com/show_bug.cgi?id=1033828
https://www.novell.com/support/kb/doc.php?id=7021423