What is CVE-2017-7419?

CVE-2017-7419 is a medium-severity vulnerability in Netiq Access Manager, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2018-03-02.

How severe is CVE-2017-7419?

Medium severity. CVSS v3 base score is 4.6 out of 10.

XSS in Netiq Access Manager

CVE-2017-7419

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (50.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.

Affected products

Netiq Access Manager — versions 4.2, 4.3
Netiq Access_manager

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security@opentext.com (x_refsource_CONFIRM)
security@opentext.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-7419?: CVE-2017-7419 is a medium-severity vulnerability in Netiq Access Manager, classified under Cross-site Scripting. CVSS score: 4.6/10. Published 2018-03-02.
How severe is CVE-2017-7419?: Medium severity. CVSS v3 base score is 4.6 out of 10.