CVE-2017-5189
private SSL key embedded in JAR file in iManager
- Severity Score: 7.5 (CVSS v3)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
NetIQ iManager before 3.0.3 delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract it and establish their own connections to the Sentinel appliance.
NetIQ iManager, in versions before 3.0.3, delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, which allows remote attackers to extract it and establish their own connections to the Sentinel application.
*Credits:
N/A
Timeline
- 2017-01-06 CVE Reserved
- 2018-03-02 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-287: Improper Authentication
- CWE-522: Insufficiently Protected Credentials
References (2)
URL | Tag | Source |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1021637 | X_refsource_confirm | |
https://www.netiq.com/support/kb/doc.php?id=7016795 | X_refsource_confirm | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Netiq | Imanager | 2.7 | - | Affected |
Netiq | Imanager | 2.7.1 | - | Affected |
Netiq | Imanager | 2.7.2 | - | Affected |
Netiq | Imanager | 2.7.3 | - | Affected |
Netiq | Imanager | 2.7.4 | - | Affected |
Netiq | Imanager | 2.7.5 | - | Affected |
Netiq | Imanager | 2.7.6 | - | Affected |
Netiq | Imanager | 2.7.7 | p10 | Affected |
Netiq | Imanager | 2.7.7 | p11 | Affected |
Netiq | Imanager | 2.7.7 | p4 | Affected |
Netiq | Imanager | 2.7.7 | p5 | Affected |
Netiq | Imanager | 2.7.7 | p6 | Affected |
Netiq | Imanager | 2.7.7 | p7 | Affected |
Netiq | Imanager | 2.7.7 | p8 | Affected |
Netiq | Imanager | 2.7.7 | p9 | Affected |
Netiq | Imanager | 2.7.7.10 | hf1 | Affected |
Netiq | Imanager | 2.7.7.10 | hf2 | Affected |
Netiq | Imanager | 3.0 | - | Affected |
Netiq | Imanager | 3.0 | sp1 | Affected |
Netiq | Imanager | 3.0 | sp2 | Affected |
Netiq | Imanager | 3.0 | sp3 | Affected |
Netiq | Imanager | 3.0 | sp4 | Affected |
Netiq | Imanager | 3.0.2 | p1 | Affected |
Netiq | Imanager | 3.0.3 | - | Affected |