7.5

CVE-2017-5189

NetIQ iManager before 3.0.3 delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract the key and establish their own connections to the Sentinel appliance.

Data is provided by the National Vulnerability Database (NVD)
NetIQ iManager Version 2.7
NetIQ iManager Version 2.7.1
NetIQ iManager Version 2.7.2
NetIQ iManager Version 2.7.3
NetIQ iManager Version 2.7.4
NetIQ iManager Version 2.7.5
NetIQ iManager Version 2.7.6
NetIQ iManager Version 2.7.7 Update p10
NetIQ iManager Version 2.7.7 Update p11
NetIQ iManager Version 2.7.7 Update p4
NetIQ iManager Version 2.7.7 Update p5
NetIQ iManager Version 2.7.7 Update p6
NetIQ iManager Version 2.7.7 Update p7
NetIQ iManager Version 2.7.7 Update p8
NetIQ iManager Version 2.7.7 Update p9
NetIQ iManager Version 2.7.7.10 Update hf1
NetIQ iManager Version 2.7.7.10 Update hf2
NetIQ iManager Version 3.0
NetIQ iManager Version 3.0 Update sp1
NetIQ iManager Version 3.0 Update sp2
NetIQ iManager Version 3.0 Update sp3
NetIQ iManager Version 3.0 Update sp4
NetIQ iManager Version 3.0.2 Update p1
NetIQ iManager Version 3.0.3
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.17% | 0.391
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N
security@opentext.com | 4.3 | 2.8 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.