CVE-2017-7426

Low
CVSS Score
Published: Mar 01, 2018
Last Modified: Nov 21, 2024

Vulnerability Description

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that attackers could use to leak information or cause denial of service.

Known Affected Software

3 configuration(s) from 1 vendor(s)

identity_manager, Version: 4.0.2, CPE: cpe:2.3:a:netiq:identity_manager:4.0.2:*:*:*:*:*:*:*
identity_manager, Version: 4.5, CPE: cpe:2.3:a:netiq:identity_manager:4.5:*:*:*:*:*:*:*
identity_manager, Version: 4.6, CPE: cpe:2.3:a:netiq:identity_manager:4.6:*:*:*:*:*:*:*
This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-611

Improper Restriction of XML External Entity Reference

Description: The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Typical Severity: Medium
Abstraction Level: Base

Key Information

Published Date
March 01, 2018