← Back

CVE-2017-7431

nvd nist
Published: May 3, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

Affected (28)

Products: Novell: Imanager · Netiq: Imanager
Novell
1 product
Imanager
Netiq
1 product
Imanager
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Novell
Imanager
Version 2.7
Imanager
Version 2.7 sp1
Imanager
Version 2.7 sp2
Imanager
Version 2.7 sp3
Imanager
Version 2.7 sp4
Imanager
Version 2.7 sp4_patch1
Imanager
Version 2.7 sp4_patch2
Imanager
Version 2.7 sp4_patch3
Imanager
Version 2.7 sp4_patch4
Imanager
Version 2.7 sp5
Imanager
Version 2.7 sp6
Imanager
Version 2.7 sp7
Imanager
Version 2.7 sp7_patch_10
Imanager
Version 2.7 sp7_patch_1
Imanager
Version 2.7 sp7_patch_2
Imanager
Version 2.7 sp7_patch_3
Imanager
Version 2.7 sp7_patch_4
Imanager
Version 2.7 sp7_patch_5
Imanager
Version 2.7 sp7_patch_6
Imanager
Version 2.7 sp7_patch_7
Imanager
Version 2.7 sp7_patch_8
Imanager
Version 2.7 sp7_patch_9
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Netiq
Imanager
Version 3.0.1
Imanager
Version 3.0.2.1
Imanager
Version 3.0.2
Imanager
Version 3.0.3.1
Imanager
Version 3.0.3
Imanager
Version 3.0

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (12)

Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: security@opentext.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.