CVE-2017-7425 (GCVE-0-2017-7425)
Vulnerability from cvelistv5 – Published: 2017-11-06 17:00 – Updated: 2024-08-05 16:04
VLAI
EPSS
VEX
Title
Multiple Reflected XSS in iManager
Summary
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
Severity
7.6 (High)
CWE
- XSS
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7016795 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/imanager-3/im… | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=7021423 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/imanager/iman… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ Corporation | NetIQ iManager |
Affected:
2.7.7 Patch 10 HF2
Affected: 3.0.3.2 |
Date Public
2017-11-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ iManager",
"vendor": "NetIQ Corporation",
"versions": [
{
"status": "affected",
"version": "2.7.7 Patch 10 HF2"
},
{
"status": "affected",
"version": "3.0.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process.."
}
],
"datePublic": "2017-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
],
"title": "Multiple Reflected XSS in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-7425",
"STATE": "PUBLIC",
"TITLE": "Multiple Reflected XSS in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ iManager",
"version": {
"version_data": [
{
"version_value": "2.7.7 Patch 10 HF2"
},
{
"version_value": "3.0.3.2"
}
]
}
}
]
},
"vendor_name": "NetIQ Corporation"
}
]
}
},
"credit": [
"Special thanks is given to Pawel.Batunek@ingservicespolska.pl for finding and reporting this issue as part of the responsible disclosure process.."
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7021423",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7021423"
},
{
"name": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html"
}
]
},
"solution": "See 2.7.7.10 release notes located here: https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html \nSee 3.0.3.2 release notes located here: https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7425",
"datePublished": "2017-11-06T17:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:04:11.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-7425",
"date": "2026-07-19",
"epss": "0.00891",
"percentile": "0.55366"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netiq:imanager:*:patch_10:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.7.7\", \"matchCriteriaId\": \"32DC4B54-DDD2-4841-B235-42E0F23C6427\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netiq:imanager:3.0.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05BB70E3-58EA-43EC-BB10-A382A7405601\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.\"}, {\"lang\": \"es\", \"value\": \"Existen m\\u00faltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2.\"}]",
"id": "CVE-2017-7425",
"lastModified": "2024-11-21T03:31:52.513",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-11-06T17:29:00.387",
"references": "[{\"url\": \"https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.novell.com/support/kb/doc.php?id=7016795\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.novell.com/support/kb/doc.php?id=7021423\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.novell.com/support/kb/doc.php?id=7016795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.novell.com/support/kb/doc.php?id=7021423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-7425\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2017-11-06T17:29:00.387\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.\"},{\"lang\":\"es\",\"value\":\"Existen m\u00faltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:*:patch_10:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.7.7\",\"matchCriteriaId\":\"32DC4B54-DDD2-4841-B235-42E0F23C6427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05BB70E3-58EA-43EC-BB10-A382A7405601\"}]}]}],\"references\":[{\"url\":\"https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.novell.com/support/kb/doc.php?id=7016795\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.novell.com/support/kb/doc.php?id=7021423\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.novell.com/support/kb/doc.php?id=7016795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.novell.com/support/kb/doc.php?id=7021423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…