CVE-2017-7429 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microfocus	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
microfocus	edirectory	𝑥 ≤ 8.8.8
netiq	edirectory	8.8.8:patch10
netiq	edirectory	8.8.8:patch5
netiq	edirectory	8.8.8:patch6
netiq	edirectory	8.8.8:patch7
netiq	edirectory	8.8.8:patch8
netiq	edirectory	8.8.8:patch9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CWE-295 - Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate.

References

https://bugzilla.suse.com/show_bug.cgi?id=1024957

https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html

https://www.novell.com/support/kb/doc.php?id=3426981

https://bugzilla.suse.com/show_bug.cgi?id=1024957

https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html

https://www.novell.com/support/kb/doc.php?id=3426981