CVE-2017-7427

Name of the Vulnerable Software and Affected Versions iManager version 2.7.7.7 Identity Manager versions prior to 4.6.1

Description The issue allows for multiple cross-site scripting attacks in certain scenarios, enabling the execution of arbitrary JavaScript code in the context of the vulnerable application. This can occur via the user.Context in the Object Selector, vdtData in the Version discovery, nextFrame in the Object Inspector, and Host GUID in the System details plugins.

Recommendations For iManager version 2.7.7.7, update to a version that includes the fix for this issue. For Identity Manager versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Object Selector, Version discovery, Object Inspector, and System details plugins until a patch is available.