CVE-2017-7437

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netiq:privileged_account_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:netiq:privileged_account_manager:3.1:*:*:*:*:*:*:*
cpe:2.3:a:netiq:privileged_account_manager:3.1:hotfix1:*:*:*:*:*:*
cpe:2.3:a:netiq:privileged_account_manager:3.1:hotfix2:*:*:*:*:*:*

History

07 Nov 2023, 02:50

Type Values Removed Values Added
References (CONFIRM) https://www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html - Vendor Advisory () https://www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html -
References (CONFIRM) https://bugzilla.suse.com/show_bug.cgi?id=1001069 - Issue Tracking () https://bugzilla.suse.com/show_bug.cgi?id=1001069 -

Information

Published : 2018-03-05 16:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-7437

Mitre link : CVE-2017-7437

CVE.ORG link : CVE-2017-7437


JSON object : View

Products Affected

netiq

  • privileged_account_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')