PT-2018-8377 · Netiq · Netiq Edirectory+1

Published: 2018-03-02 · Updated: 2021-04-13 · CVE-2017-7429

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NetIQ eDirectory versions prior to 8.8.8 Patch 10 Hotfix 1

Description: The issue allows authenticated attackers to execute JSP applets on the iManager server by abusing the certificate upload feature in the NetIQ eDirectory PKI plugin.

Recommendations: For versions prior to 8.8.8 Patch 10 Hotfix 1, update to 8.8.8 Patch 10 Hotfix 1 or later to resolve the issue.

Fix

Improper Certificate Validation

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2017-7429

Affected Products

Netiq Edirectory
Imanager