CVE-2017-7429

{"id": "CVE-2017-7429", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-03-02T20:29:00.490", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957", "source": "security@opentext.com"}, {"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html", "source": "security@opentext.com"}, {"url": "https://www.novell.com/support/kb/doc.php?id=3426981", "source": "security@opentext.com"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.novell.com/support/kb/doc.php?id=3426981", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."}, {"lang": "es", "value": "La subida de certificados en el plugin NetIQ eDirectory PKI, en versiones anteriores a 8.8.8 Patch 10 Hotfix 1, podr\u00eda aprovecharse para subir c\u00f3digo JSP que puede ser empleado por atacantes autenticados para ejecutar applets JSP en el servidor iManager."}], "lastModified": "2024-11-21T03:31:52.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84A12FE-0920-45C3-BF8F-6B9D1030AE0D", "versionEndIncluding": "8.8.8"}, {"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4F19781-7439-4D43-9FE7-6ACB4C154513"}, {"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1FD6CA7-4B36-4835-8841-C964BCC98400"}, {"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92A0DBF5-B69E-49C5-8D70-137B27619AEE"}, {"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC21192D-9C4A-4841-861F-127AB1C5F9F2"}, {"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C60A8A5D-F154-4520-8CE1-2EC889484562"}, {"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4942CADE-A224-4929-91D8-AD0D82BE7341"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}