Description
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/59450
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7010166
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83761
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=807429
Scores
EPSS
0.0017
EPSS Percentile
37.3%
Details
CWE
CWE-287
Status
published
Products (8)
novell/imanager
2.7 refresh6 (7 CPE variants)
novell/imanager
2.7.0
novell/imanager
2.7.1
novell/imanager
2.7.2
novell/imanager
2.7.3 (4 CPE variants)
novell/imanager
2.7.4
novell/imanager
2.7.5
novell/imanager
< 2.7
Published
Apr 24, 2013
Tracked Since
Feb 18, 2026