What is CVE-2017-14800?

CVE-2017-14800 is a medium-severity vulnerability in Netiq Access Manager, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2018-03-01.

How severe is CVE-2017-14800?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Netiq Access Manager

CVE-2017-14800

A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (50.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Netiq Access Manager — versions 4.3
Netiq Access_manager

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security@opentext.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-14800?: CVE-2017-14800 is a medium-severity vulnerability in Netiq Access Manager, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2018-03-01.
How severe is CVE-2017-14800?: Medium severity. CVSS v3 base score is 5.4 out of 10.