CVE-2017-5189

MEDIUM

NetIQ iManager <3.0.3 - Info Disclosure

Title source: llm

Description

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

References (2)

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=1021637

[Various Sources] https://www.netiq.com/support/kb/doc.php?id=7016795

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 38.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522 CWE-287

Status published

Affected Products (24)

netiq/imanager

... and 9 more

Timeline

Published Mar 02, 2018

Tracked Since Feb 18, 2026