CVE-2017-14799 MEDIUM

CVE-2017-14799: XSS Vulnerability with ESP URL

Vendor Netiq
Product Access Manager
Published March 1, 2018
Last update September 16, 2024

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.

Key dates

02Disclosure timeline

March 1, 2018 CVE published
September 16, 2024 Record updated