CVE-2017-7429

Published: Mar 2, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

Affected (7)

Products: Microfocus: Edirectory · Netiq: Edirectory

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microfocus Edirectory	Up to 8.8.8
Netiq Edirectory	Version 8.8.8 patch10
Netiq Edirectory	Version 8.8.8 patch5
Netiq Edirectory	Version 8.8.8 patch6
Netiq Edirectory	Version 8.8.8 patch7
Netiq Edirectory	Version 8.8.8 patch8
Netiq Edirectory	Version 8.8.8 patch9

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

https://bugzilla.suse.com/show_bug.cgi?id=1024957

Source: security@opentext.com

https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=3426981

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1024957

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.novell.com/support/kb/doc.php?id=3426981

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.