CVE-2017-9280
Low
CVSS Score
Vulnerability Description
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, Referer URLs, or similar.
Known Affected Software
2 configuration(s) from 1 vendor(s)
- identity_manager, Version: 4.0.2, CPE: cpe:2.3:a:netiq:identity_manager:4.0.2:*:*:*:*:*:*:*
- identity_manager, Version: 4.5, CPE: cpe:2.3:a:netiq:identity_manager:4.5:*:*:*:*:*:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
- https://bugzilla.suse.com/show_bug.cgi?id=1049143 (sources: security@opentext.com, af854a3a-2127-422b-91ae-364da2661108)
- https://download.novell.com/Download?buildid=K7lbPAGJyIk~ (sources: security@opentext.com, af854a3a-2127-422b-91ae-364da2661108)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-598
Use of GET Request Method With Sensitive Query Strings
- Description: The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
- Typical Severity: Medium
- Abstraction Level: Variant
Key Information
- Published Date: March 02, 2018
