CVE-2017-7419

NetIQ Access Manager OAuth Consent screen XSS attack

CVSS 4.6 MEDIUMEPSS 0.8%CWE-79

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected products

NetIQ · Access Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.suse.com/show_bug.cgi?id=1031853 https://www.novell.com/support/kb/doc.php?id=7019893