NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
References
Link | Resource |
---|---|
https://www.netiq.com/support/kb/doc.php?id=7016795 | Vendor Advisory |
https://bugzilla.suse.com/show_bug.cgi?id=1021637 | Permissions Required |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-03-02 12:29
Updated : 2019-10-09 16:28
NVD link : CVE-2017-5189
Mitre link : CVE-2017-5189
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
netiq
- imanager