CVE-2017-7426

Published: Mar 1, 2018Modified: Nov 21, 2024

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.

Affected (1)

Products: Netiq: Identity Manager

Netiq

1 product

Identity Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netiq Identity Manager	Before 4.6.1

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://www.novell.com/support/kb/doc.php?id=7021173

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7021173

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.