CVE-2011-1696

Name of the Vulnerable Software and Affected Versions Novell Identity Manager (aka IDM) User Application versions 3.5.0 through 4.0.0 Novell Identity Manager Roles Based Provisioning Module versions 3.6.0 through 4.0.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (also known as apwaDetailId) parameter.

Recommendations For Novell Identity Manager (aka IDM) User Application versions 3.5.0 through 4.0.0, avoid using the apwaDetail parameter in affected API endpoints until the issue is resolved. For Novell Identity Manager Roles Based Provisioning Module versions 3.6.0 through 4.0.0, restrict access to the module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.