The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMicrofocus Edirectory
APPMicrofocus≤ 8.8.8Netiq Edirectory
APPNetiq8.8.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2021-22532HIGH7.6ten sam produkt
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirect...
CVE-2021-38133HIGH7.4ten sam produkt
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This...
CVE-2018-17950HIGH7.5ten sam produkt
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
CVE-2018-7686HIGH7.5ten sam produkt
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVE-2017-5186HIGH7.5ten sam produkt
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 ...