Lucene search

[email protected]NVD:CVE-2017-5189

HistoryMar 02, 2018 - 8:29 p.m.

CVE-2017-5189

2018-03-0220:29:00

CWE-522

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

Affected configurations

Nvd

Node

netiqimanagerMatch2.7

netiqimanagerMatch2.7.1

netiqimanagerMatch2.7.2

netiqimanagerMatch2.7.3

netiqimanagerMatch2.7.4

netiqimanagerMatch2.7.5

netiqimanagerMatch2.7.6

netiqimanagerMatch2.7.7p10

netiqimanagerMatch2.7.7p11

netiqimanagerMatch2.7.7p4

netiqimanagerMatch2.7.7p5

netiqimanagerMatch2.7.7p6

netiqimanagerMatch2.7.7p7

netiqimanagerMatch2.7.7p8

netiqimanagerMatch2.7.7p9

netiqimanagerMatch2.7.7.10hf1

netiqimanagerMatch2.7.7.10hf2

netiqimanagerMatch3.0

netiqimanagerMatch3.0sp1

netiqimanagerMatch3.0sp2

netiqimanagerMatch3.0sp3

netiqimanagerMatch3.0sp4

netiqimanagerMatch3.0.2p1

netiqimanagerMatch3.0.3

VendorProductVersionCPE
netiqimanager2.7cpe:2.3:a:netiq:imanager:2.7:*:*:*:*:*:*:*
netiqimanager2.7.1cpe:2.3:a:netiq:imanager:2.7.1:*:*:*:*:*:*:*
netiqimanager2.7.2cpe:2.3:a:netiq:imanager:2.7.2:*:*:*:*:*:*:*
netiqimanager2.7.3cpe:2.3:a:netiq:imanager:2.7.3:*:*:*:*:*:*:*
netiqimanager2.7.4cpe:2.3:a:netiq:imanager:2.7.4:*:*:*:*:*:*:*
netiqimanager2.7.5cpe:2.3:a:netiq:imanager:2.7.5:*:*:*:*:*:*:*
netiqimanager2.7.6cpe:2.3:a:netiq:imanager:2.7.6:*:*:*:*:*:*:*
netiqimanager2.7.7cpe:2.3:a:netiq:imanager:2.7.7:p10:*:*:*:*:*:*
netiqimanager2.7.7cpe:2.3:a:netiq:imanager:2.7.7:p11:*:*:*:*:*:*
netiqimanager2.7.7cpe:2.3:a:netiq:imanager:2.7.7:p4:*:*:*:*:*:*

Vendor	Product	Version	CPE
netiq	imanager	2.7	cpe:2.3:a:netiq:imanager:2.7:::::::*
netiq	imanager	2.7.1	cpe:2.3:a:netiq:imanager:2.7.1:::::::*
netiq	imanager	2.7.2	cpe:2.3:a:netiq:imanager:2.7.2:::::::*
netiq	imanager	2.7.3	cpe:2.3:a:netiq:imanager:2.7.3:::::::*
netiq	imanager	2.7.4	cpe:2.3:a:netiq:imanager:2.7.4:::::::*
netiq	imanager	2.7.5	cpe:2.3:a:netiq:imanager:2.7.5:::::::*
netiq	imanager	2.7.6	cpe:2.3:a:netiq:imanager:2.7.6:::::::*
netiq	imanager	2.7.7	cpe:2.3:a:netiq:imanager:2.7.7:p10::::::
netiq	imanager	2.7.7	cpe:2.3:a:netiq:imanager:2.7.7:p11::::::
netiq	imanager	2.7.7	cpe:2.3:a:netiq:imanager:2.7.7:p4::::::

Rows per page:

1-10 of 241

References

bugzilla.suse.com/show_bug.cgi?id=1021637

www.netiq.com/support/kb/doc.php?id=7016795

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

54.7%

JSON

Related for NVD:CVE-2017-5189

cvelist1 cve1 prion1