CVE-2017-9280

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

Published: Mar 2, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-9280
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
netiq / identity_manager	-	4.5.6.1

https://bugzilla.suse.com/show_bug.cgi?id=1049143
https://download.novell.com/Download?buildid=K7lbPAGJyIk~

Vulnerability Database

289,599

CVE-2017-9280