CVE-2017-7429

CVSS 8.8 - HIGH

Description

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

Affected Products

7

Vendor	Product	Version
microfocus	edirectory	`All versions`
netiq	edirectory	`8.8.8`
netiq	edirectory	`8.8.8`
netiq	edirectory	`8.8.8`
netiq	edirectory	`8.8.8`
netiq	edirectory	`8.8.8`
netiq	edirectory	`8.8.8`

References

https://bugzilla.suse.com/show_bug.cgi?id=1024957

https://www.netiq.com/documentation/edir88/edir888...

https://www.novell.com/support/kb/doc.php?id=34269...

https://bugzilla.suse.com/show_bug.cgi?id=1024957

https://www.netiq.com/documentation/edir88/edir888...

https://www.novell.com/support/kb/doc.php?id=34269...

Weakness Types

CWE-434 CWE-295

CVE Information

CVE ID:: CVE-2017-7429
Published:: 2018-03-02
Modified:: 2024-11-21
CVSS Score:: 8.8
Severity:: HIGH
Vector:: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

netiq microfocus

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL