CVE-2016-1598

MEDIUM

NetIQ IDM <4.5.4 - XSS

Title source: llm

Description

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.

References (2)

[Various Sources] https://download.novell.com/Download?buildid=xyswDCMsT7I~

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93833

Scores

CVSS v3 5.4

EPSS 0.0027

EPSS Percentile 50.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (3)

novell/identity_manager

novell/identity_manager_identity_applications < 4.5.3

n/a/NetIQ IDM 4.5 Identity Applications before 4.5.4 < NetIQ IDM 4.5 Identity Applications before 4.5.4

Timeline

Published Oct 27, 2016

Tracked Since Feb 18, 2026