CVE-2017-5189

MEDIUM

NetIQ iManager <3.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1021637
Various Sources x_refsource_confirm
https://www.netiq.com/support/kb/doc.php?id=7016795

Scores

CVSS v3 4.3
EPSS 0.0119
EPSS Percentile 63.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-287 CWE-522
Status published
Products (12)
netiq/imanager 2.7
netiq/imanager 2.7.1
netiq/imanager 2.7.2
netiq/imanager 2.7.3
netiq/imanager 2.7.4
netiq/imanager 2.7.5
netiq/imanager 2.7.6
netiq/imanager 2.7.7 p10 (8 CPE variants)
netiq/imanager 2.7.7.10 hf1 (2 CPE variants)
netiq/imanager 3.0 (5 CPE variants)
... and 2 more
Published Mar 02, 2018
Tracked Since Feb 18, 2026