CVE-2017-9279

Summary

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.

Affected Software

VendorProductVersion RangeStatus
NetIQIdentity Managerunspecified < 4.5.6.1affected

Weaknesses

  • Upload of files possible that could be misused for other purposes
  • CWE-434: CWE-434

ADP Enrichment

CVE Program Container

Additional References

References