8.8

CVE-2017-7431

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

Data is provided by the National Vulnerability Database (NVD)
Novell iManager Version 2.7
Novell iManager Version 2.7 Update sp1
Novell iManager Version 2.7 Update sp2
Novell iManager Version 2.7 Update sp3
Novell iManager Version 2.7 Update sp4
Novell iManager Version 2.7 Update sp4_patch1
Novell iManager Version 2.7 Update sp4_patch2
Novell iManager Version 2.7 Update sp4_patch3
Novell iManager Version 2.7 Update sp4_patch4
Novell iManager Version 2.7 Update sp5
Novell iManager Version 2.7 Update sp6
Novell iManager Version 2.7 Update sp7
Novell iManager Version 2.7 Update sp7_patch_1
Novell iManager Version 2.7 Update sp7_patch_10
Novell iManager Version 2.7 Update sp7_patch_2
Novell iManager Version 2.7 Update sp7_patch_3
Novell iManager Version 2.7 Update sp7_patch_4
Novell iManager Version 2.7 Update sp7_patch_5
Novell iManager Version 2.7 Update sp7_patch_6
Novell iManager Version 2.7 Update sp7_patch_7
Novell iManager Version 2.7 Update sp7_patch_8
Novell iManager Version 2.7 Update sp7_patch_9
NetIQ iManager Version 3.0
NetIQ iManager Version 3.0.1
NetIQ iManager Version 3.0.2
NetIQ iManager Version 3.0.2.1
NetIQ iManager Version 3.0.3
NetIQ iManager Version 3.0.3.1
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.28% | 0.48
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.