CVE-2011-1696: XSS
First published: Sat Oct 08 2011(Updated: )
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell Identity Manager Roles Based Provisioning Module | =3.6.0 | |
| Novell Identity Manager Roles Based Provisioning Module | =3.6.1 | |
| Novell Identity Manager Roles Based Provisioning Module | =4.0.0 | |
| Novell Identity Manager Roles Based Provisioning Module | =3.7.0 | |
| Novell Identity Manager | =3.5.1 | |
| Novell Identity Manager | =4.0.0 | |
| Novell Identity Manager | =3.6.0 | |
| Novell Identity Manager | =3.6.1 | |
| Novell Identity Manager | =3.5.0 | |
| Novell Identity Manager | =3.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html
- https://bugzilla.novell.com/show_bug.cgi?id=692972
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html
- http://www.securitytracker.com/id?1026138
- http://www.securityfocus.com/bid/49935
Frequently Asked Questions
What is the severity of CVE-2011-1696?
CVE-2011-1696 is classified as a medium severity cross-site scripting vulnerability.
How do I fix CVE-2011-1696?
To fix CVE-2011-1696, upgrade your Novell Identity Manager User Application or Roles Based Provisioning Module to a patched version.
Which versions of Novell Identity Manager are affected by CVE-2011-1696?
CVE-2011-1696 affects Novell Identity Manager User Application versions 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, as well as Roles Based Provisioning Module versions 3.6.0, 3.6.1, 3.7.0, and 4.0.0.
What impact does CVE-2011-1696 have on users?
The impact of CVE-2011-1696 allows attackers to inject arbitrary web script or HTML, leading to potential unauthorized actions on behalf of users.
Is there a workaround for CVE-2011-1696?
There are no official workarounds for CVE-2011-1696; the recommended action is to apply the necessary updates.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/novell
- canonical/novell identity manager roles based provisioning module
- version/novell identity manager roles based provisioning module/3.6.0
- version/novell identity manager roles based provisioning module/3.6.1
- version/novell identity manager roles based provisioning module/4.0.0
- version/novell identity manager roles based provisioning module/3.7.0
- canonical/novell identity manager
- version/novell identity manager/3.5.1
- version/novell identity manager/4.0.0
- version/novell identity manager/3.6.0
- version/novell identity manager/3.6.1
- version/novell identity manager/3.5.0
- version/novell identity manager/3.7.0