CVE-2017-7419
4.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NetIQ | Access Manager | 4.3 < 4.3.2 | affected |
| NetIQ | Access Manager | 4.2 < 4.2.4 | affected |
Weaknesses
- cross site scripting attack
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.suse.com/show_bug.cgi?id=1031853
- https://www.novell.com/support/kb/doc.php?id=7019893
References
- https://bugzilla.suse.com/show_bug.cgi?id=1031853
- https://www.novell.com/support/kb/doc.php?id=7019893
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.