CVE-2017-9280

CVSS 4.3 - MEDIUM
Description

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

Affected Products
1
Vendor Product Version
netiq identity_manager All versions
References
https://bugzilla.suse.com/show_bug.cgi?id=1049143
https://download.novell.com/Download?buildid=K7lbP...
https://bugzilla.suse.com/show_bug.cgi?id=1049143
https://download.novell.com/Download?buildid=K7lbP...
Weakness Types
CWE-598 CWE-200
CVE Information
CVE ID:
CVE-2017-9280
Published:
2018-03-02
Modified:
2024-11-21
CVSS Score:
4.3
Severity:
MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Vendors
netiq
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL