CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7425 – Multiple Reflected XSS in iManager
https://notcve.org/view.php?id=CVE-2017-7425
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Existen múltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2. • https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html https://www.novell.com/support/kb/doc.php?id=7016795 https://www.novell.com/support/kb/doc.php?id=7021423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7430
https://notcve.org/view.php?id=CVE-2017-7430
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Novell iManager en versiones 2.7.x anteriores a la 2.7 SP7 Patch 10 HF1 y NetIQ iManager versiones 3.x anteriores a la 3.0.3.1 presentan una vulnerabilidad de XSS persistente en el Framework. • https://bugzilla.novell.com/show_bug.cgi?id=1024959 https://bugzilla.novell.com/show_bug.cgi?id=1030691 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7432
https://notcve.org/view.php?id=CVE-2017-7432
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen una vulnerabilidad de carga de webshell. • https://bugzilla.novell.com/show_bug.cgi?id=1027619 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php?id=7016795 https://www.novell.com/support/kb/doc.php? •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7428
https://notcve.org/view.php?id=CVE-2017-7428
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. NetIQ iManager 3.x antes de 3.0.3.1 tiene un problema en la renegociación de los parámetros de conexión con Tomcat. • https://bugzilla.novell.com/show_bug.cgi?id=1029431 https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php?id=7016795 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7431
https://notcve.org/view.php?id=CVE-2017-7431
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen un CSRF persistente en la gestión de objetos. • https://bugzilla.novell.com/show_bug.cgi?id=1024963 https://bugzilla.novell.com/show_bug.cgi?id=1030692 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php? • CWE-352: Cross-Site Request Forgery (CSRF) •