CVE-2017-9280

MEDIUM

NetIQ Identity Manager <4.5.6.1 - Info Disclosure

Title source: llm

Description

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

References (2)

[Various Sources] https://download.novell.com/Download?buildid=K7lbPAGJyIk~

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=1049143

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 42.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200 CWE-598

Status published

Products (1)

netiq/identity_manager < 4.5.6.1

Published Mar 02, 2018

Tracked Since Feb 18, 2026