Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Identity Manager Applications by NetIQ

    CVE-2017-9280 (GCVE-0-2017-9280)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 17:42
    VLAI
    Title
    Novell Identity Manager User Application get request url contains the session token.
    Summary
    Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.
    CWE
    • information exposure due to unencrypted credentials in GET Urls
    • CWE-598
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Identity Manager Applications Affected: unspecified , < 4.5.6.1 (custom)
    Create a notification for this product.
    Date Public
    2017-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Manager Applications",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.5.6.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information exposure due to unencrypted credentials in GET Urls",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:01.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"
            }
          ],
          "source": {
            "defect": [
              "1049143"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Novell Identity Manager User Application get request url contains the session token.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-09-11T00:00:00.000Z",
              "ID": "CVE-2017-9280",
              "STATE": "PUBLIC",
              "TITLE": "Novell Identity Manager User Application get request url contains the session token."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Identity Manager Applications",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.5.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information exposure due to unencrypted credentials in GET Urls"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-598"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~",
                  "refsource": "CONFIRM",
                  "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1049143",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"
                }
              ]
            },
            "source": {
              "defect": [
                "1049143"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-9280",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-05-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:50.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9280 (GCVE-0-2017-9280)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 17:42
    VLAI
    Title
    Novell Identity Manager User Application get request url contains the session token.
    Summary
    Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.
    CWE
    • information exposure due to unencrypted credentials in GET Urls
    • CWE-598
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Identity Manager Applications Affected: unspecified , < 4.5.6.1 (custom)
    Create a notification for this product.
    Date Public
    2017-09-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Manager Applications",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.5.6.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "information exposure due to unencrypted credentials in GET Urls",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-598",
                  "description": "CWE-598",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:01.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"
            }
          ],
          "source": {
            "defect": [
              "1049143"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Novell Identity Manager User Application get request url contains the session token.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-09-11T00:00:00.000Z",
              "ID": "CVE-2017-9280",
              "STATE": "PUBLIC",
              "TITLE": "Novell Identity Manager User Application get request url contains the session token."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Identity Manager Applications",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.5.6.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "information exposure due to unencrypted credentials in GET Urls"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-598"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~",
                  "refsource": "CONFIRM",
                  "url": "https://download.novell.com/Download?buildid=K7lbPAGJyIk~"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1049143",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1049143"
                }
              ]
            },
            "source": {
              "defect": [
                "1049143"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-9280",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-05-29T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:50.340Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }