CVE-2017-9285

MEDIUM

NetIQ eDirectory <9.0 SP4 - Privilege Escalation

Title source: llm

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.

Core 3

Core References

Vendor Advisory x_refsource_confirm

Various Sources x_refsource_confirm

Issue Tracking x_refsource_confirm

CVSS v3 5.4

EPSS 0.0021

EPSS Percentile 43.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-284 CWE-287

Status published

Products (2)

microfocus/edirectory < 9.0

netiq/edirectory 9.0 sp1 (3 CPE variants)

Published Mar 02, 2018

Tracked Since Feb 18, 2026