CVE-2017-9279

Published: Mar 2, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.

Affected (1)

Products: Netiq: Identity Manager

1 product

Identity Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netiq Identity Manager	Before 4.5.6.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://bugzilla.suse.com/show_bug.cgi?id=1049129

Source: security@opentext.com

https://download.novell.com/Download?buildid=K7lbPAGJyIk~

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1049129

Source: af854a3a-2127-422b-91ae-364da2661108

https://download.novell.com/Download?buildid=K7lbPAGJyIk~

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.