CVE-2017-7429

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

Published: Mar 2, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-7429
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
netiq / edirectory	8.8.8-patch10	8.8.8-patch10.x
netiq / edirectory	8.8.8-patch9	8.8.8-patch9.x
netiq / edirectory	8.8.8-patch8	8.8.8-patch8.x
netiq / edirectory	8.8.8-patch7	8.8.8-patch7.x
netiq / edirectory	8.8.8-patch6	8.8.8-patch6.x
netiq / edirectory	8.8.8-patch5	8.8.8-patch5.x
microfocus / edirectory	-	8.8.8.x

https://bugzilla.suse.com/show_bug.cgi?id=1024957
https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html
https://www.novell.com/support/kb/doc.php?id=3426981

Vulnerability Database

289,599

CVE-2017-7429