← volver
CVE-2017-7419

NetIQ Access Manager OAuth Consent screen XSS attack

CVSS 4.6 MEDIUMEPSS 0.8%CWE-79
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Productos afectados
NetIQ · Access Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.suse.com/show_bug.cgi?id=1031853https://www.novell.com/support/kb/doc.php?id=7019893