CVE-2017-9280

Published: Mar 2, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

Affected (1)

Products: Netiq: Identity Manager

Netiq

1 product

Identity Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netiq Identity Manager	Before 4.5.6.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-598

Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

References (4)

https://bugzilla.suse.com/show_bug.cgi?id=1049143

Source: security@opentext.com

https://download.novell.com/Download?buildid=K7lbPAGJyIk~

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1049143

Source: af854a3a-2127-422b-91ae-364da2661108

https://download.novell.com/Download?buildid=K7lbPAGJyIk~

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.