CVE-2017-7438 MEDIUM

CVE-2017-7438: DOM cross site scripting attack against NetIQ Privileged Account Manager

Vendor Netiq

Product Privileged Account Manager

Weakness CWE-79 · XSS

Published March 2, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

4.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.

Key dates

02Disclosure timeline

March 2, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-7438 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2017-7438

CWE CWE-79

CVSS 4.6 / MEDIUM

Affected versions