PT-2018-8241 · Netiq+1 · Netiq Imanager+2

Published

2018-03-02

Updated

2019-10-09

CVE-2017-5189

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NetIQ iManager versions prior to 3.0.3

Description: The issue allows attackers to extract and use a SSL private key from a Java application (JAR file) used for authentication to Sentinel, enabling them to establish their own connections to the Sentinel appliance.

Recommendations: For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue.

Fix

Insufficiently Protected Credentials

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-287

Related Identifiers

CVE-2017-5189

Affected Products

Java

Netiq Imanager

Sentinel

PT-2018-8241 · Netiq+1 · Netiq Imanager+2

CVE-2017-5189

Weakness Enumeration

Related Identifiers

Affected Products

References · 4