CVE-2017-7419: XSS
First published: Fri Mar 02 2018(Updated: )
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus Access Manager | >=4.2<4.2.4 | |
| Micro Focus Access Manager | >=4.3<4.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-7419?
CVE-2017-7419 is considered a medium severity vulnerability due to its potential for cross site scripting attacks.
How do I fix CVE-2017-7419?
To fix CVE-2017-7419, upgrade NetIQ Access Manager to version 4.2.4 or 4.3.2 or later.
What software versions are affected by CVE-2017-7419?
NetIQ Access Manager versions prior to 4.2.4 and 4.3.2 are affected by CVE-2017-7419.
What type of attack is enabled by CVE-2017-7419?
CVE-2017-7419 allows attackers to conduct cross site scripting attacks due to an unescaped description field.
Who is impacted by CVE-2017-7419?
Organizations using vulnerable versions of NetIQ Access Manager are at risk of attack due to CVE-2017-7419.
- agent/references
- agent/type
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netiq
- canonical/micro focus netiq access manager
- version/micro focus netiq access manager/4.2
- version/micro focus netiq access manager/4.3