CVE-2017-9277

low-risk
Published 2018-03-02

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.

Do I need to act?

-
0.38% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.2/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (4)

Edirectory
Edirectory
Edirectory
Edirectory

Affected Vendors

Novell

References (6)

https://bugzilla.suse.com/show_bug.cgi?id=1005473
https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data...
https://www.novell.com/support/kb/doc.php?id=7016794
https://bugzilla.suse.com/show_bug.cgi?id=1005473
https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data...
https://www.novell.com/support/kb/doc.php?id=7016794
22
/ 100
low-risk
Severity 11/34 · Low
Exploitability 1/34 · Minimal
Exposure 10/34 · Low