Vulnerability Details CVE-2017-7429
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://bugzilla.suse.com/show_bug.cgi?id=1024957
- https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html
- https://www.novell.com/support/kb/doc.php?id=3426981
- https://bugzilla.suse.com/show_bug.cgi?id=1024957
- https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html
- https://www.novell.com/support/kb/doc.php?id=3426981
Products affected by CVE-2017-7429
-
cpe:2.3:a:microfocus:edirectory:-
-
cpe:2.3:a:microfocus:edirectory:8.6
-
cpe:2.3:a:microfocus:edirectory:8.7
-
cpe:2.3:a:microfocus:edirectory:8.7.1
-
cpe:2.3:a:microfocus:edirectory:8.7.3
-
cpe:2.3:a:microfocus:edirectory:8.7.3.9
-
cpe:2.3:a:microfocus:edirectory:8.8
-
cpe:2.3:a:microfocus:edirectory:8.8.1
-
cpe:2.3:a:microfocus:edirectory:8.8.2
-
cpe:2.3:a:microfocus:edirectory:8.8.3
-
cpe:2.3:a:microfocus:edirectory:8.8.4
-
cpe:2.3:a:microfocus:edirectory:8.8.5
-
cpe:2.3:a:microfocus:edirectory:8.8.6
-
cpe:2.3:a:microfocus:edirectory:8.8.6.0
-
cpe:2.3:a:microfocus:edirectory:8.8.6.1
-
cpe:2.3:a:microfocus:edirectory:8.8.6.2
-
cpe:2.3:a:microfocus:edirectory:8.8.6.3
-
cpe:2.3:a:microfocus:edirectory:8.8.6.4
-
cpe:2.3:a:microfocus:edirectory:8.8.6.5
-
cpe:2.3:a:microfocus:edirectory:8.8.6.6
-
cpe:2.3:a:microfocus:edirectory:8.8.6.7
-
cpe:2.3:a:microfocus:edirectory:8.8.7
-
cpe:2.3:a:microfocus:edirectory:8.8.7.0
-
cpe:2.3:a:microfocus:edirectory:8.8.7.1
-
cpe:2.3:a:microfocus:edirectory:8.8.7.2
-
cpe:2.3:a:microfocus:edirectory:8.8.8
-
cpe:2.3:a:netiq:edirectory:8.8.8