CVE-2017-7429

moderate-risk
Published 2018-03-02

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (7)

Edirectory
Edirectory
Edirectory
Edirectory
Edirectory
Edirectory
Edirectory

Affected Vendors

Microfocus Netiq

References (6)

https://bugzilla.suse.com/show_bug.cgi?id=1024957
https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88...
https://www.novell.com/support/kb/doc.php?id=3426981
https://bugzilla.suse.com/show_bug.cgi?id=1024957
https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88...
https://www.novell.com/support/kb/doc.php?id=3426981
45
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate