CVE-2017-7426

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.

Published: Mar 1, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-7426
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
netiq / identity_manager	-	4.6.1

https://www.novell.com/support/kb/doc.php?id=7021173

Vulnerability Database

289,599

CVE-2017-7426