← voltar
CVE-2017-7419

NetIQ Access Manager OAuth Consent screen XSS attack

CVSS 4.6 MEDIUMEPSS 0.8%CWE-79
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Produtos afetados
NetIQ · Access Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.suse.com/show_bug.cgi?id=1031853https://www.novell.com/support/kb/doc.php?id=7019893