CVE-2017-5189

CVSS 4.3 - MEDIUM
Description

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

Affected Products
24
Vendor Product Version
netiq imanager 2.7
netiq imanager 2.7.1
netiq imanager 2.7.2
netiq imanager 2.7.3
netiq imanager 2.7.4
netiq imanager 2.7.5
netiq imanager 2.7.6
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7
netiq imanager 2.7.7.10
netiq imanager 2.7.7.10
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0
netiq imanager 3.0.2
netiq imanager 3.0.3
References
https://bugzilla.suse.com/show_bug.cgi?id=1021637
https://www.netiq.com/support/kb/doc.php?id=701679...
https://bugzilla.suse.com/show_bug.cgi?id=1021637
https://www.netiq.com/support/kb/doc.php?id=701679...
Weakness Types
CWE-522 CWE-287
CVE Information
CVE ID:
CVE-2017-5189
Published:
2018-03-02
Modified:
2024-11-21
CVSS Score:
4.3
Severity:
MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Vendors
netiq
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL