CVE-2017-9280

Sažetak

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

Reference

https://download.novell.com/Download?buildid=K7lbPAGJyIk~
https://bugzilla.suse.com/show_bug.cgi?id=1049143

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:50

Objavljeno

02-03-2018 - 20:29