CVE-2017-7431 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microfocus	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Vendor	Product	Version
novell	imanager	2.7
novell	imanager	2.7:sp1
novell	imanager	2.7:sp2
novell	imanager	2.7:sp3
novell	imanager	2.7:sp4
novell	imanager	2.7:sp4_patch1
novell	imanager	2.7:sp4_patch2
novell	imanager	2.7:sp4_patch3
novell	imanager	2.7:sp4_patch4
novell	imanager	2.7:sp5
novell	imanager	2.7:sp6
novell	imanager	2.7:sp7
novell	imanager	2.7:sp7_patch_1
novell	imanager	2.7:sp7_patch_10
novell	imanager	2.7:sp7_patch_2
novell	imanager	2.7:sp7_patch_3
novell	imanager	2.7:sp7_patch_4
novell	imanager	2.7:sp7_patch_5
novell	imanager	2.7:sp7_patch_6
novell	imanager	2.7:sp7_patch_7
novell	imanager	2.7:sp7_patch_8
novell	imanager	2.7:sp7_patch_9
netiq	imanager	3.0
netiq	imanager	3.0.1
netiq	imanager	3.0.2
netiq	imanager	3.0.2.1
netiq	imanager	3.0.3
netiq	imanager	3.0.3.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

https://bugzilla.novell.com/show_bug.cgi?id=1024963

https://bugzilla.novell.com/show_bug.cgi?id=1030692

https://dl.netiq.com/Download?buildid=24FxpmqdThE~

https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~

https://www.netiq.com/support/kb/doc.php?id=7016795

https://www.novell.com/support/kb/doc.php?id=7010166

https://bugzilla.novell.com/show_bug.cgi?id=1024963

https://bugzilla.novell.com/show_bug.cgi?id=1030692

https://dl.netiq.com/Download?buildid=24FxpmqdThE~

https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~

https://www.netiq.com/support/kb/doc.php?id=7016795

https://www.novell.com/support/kb/doc.php?id=7010166