Lucene search

[email protected]CVE-2011-1696

HistoryOct 08, 2011 - 2:52 a.m.

CVE-2011-1696

2011-10-0802:52:52

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-1696

cross-site scripting

xss

novell identity manager

idm

user application

roles based provisioning module

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.4%

JSON

Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.

Affected configurations

NVD

Node

novellidentity_manager_roles_based_provisioning_moduleMatch3.6.0

novellidentity_manager_roles_based_provisioning_moduleMatch3.6.1

novellidentity_manager_roles_based_provisioning_moduleMatch3.7.0

novellidentity_manager_roles_based_provisioning_moduleMatch4.0.0

Node

novellidentity_manager_user_applicationMatch3.5.0

novellidentity_manager_user_applicationMatch3.5.1

novellidentity_manager_user_applicationMatch3.6.0

novellidentity_manager_user_applicationMatch3.6.1

novellidentity_manager_user_applicationMatch3.7.0

novellidentity_manager_user_applicationMatch4.0.0

CPENameOperatorVersion
novell:identity_manager_roles_based_provisioning_modulenovell identity manager roles based provisioning moduleeq3.6.0
novell:identity_manager_roles_based_provisioning_modulenovell identity manager roles based provisioning moduleeq3.6.1
novell:identity_manager_roles_based_provisioning_modulenovell identity manager roles based provisioning moduleeq3.7.0
novell:identity_manager_roles_based_provisioning_modulenovell identity manager roles based provisioning moduleeq4.0.0

CPE	Name	Operator	Version
novell:identity_manager_roles_based_provisioning_module	novell identity manager roles based provisioning module	eq	3.6.0
novell:identity_manager_roles_based_provisioning_module	novell identity manager roles based provisioning module	eq	3.6.1
novell:identity_manager_roles_based_provisioning_module	novell identity manager roles based provisioning module	eq	3.7.0
novell:identity_manager_roles_based_provisioning_module	novell identity manager roles based provisioning module	eq	4.0.0

References

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html

www.securityfocus.com/bid/49935

www.securitytracker.com/id?1026138

bugzilla.novell.com/show_bug.cgi?id=692972

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.4%

JSON

Related for CVE-2011-1696

cvelist1 nvd1 prion1