CVE-2017-5189

Published Mar 2, 2018

Last updated a year ago

CVSS high 7.5

Overview

Description: NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
Source: security@opentext.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-287
security@opentext.com: CWE-522

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9044A0FA-BD4E-4041-B16A-0C70551C65F7"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94134CE0-B4A4-477B-99E7-87F34B0F2CED"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DB1AB4D-3906-4EDA-A514-FAE007A27095"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC9CA1AA-A933-4BB6-81F1-B803A2D12FB2"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56B58611-550D-408E-8104-71ACD4A19FAA"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1842E298-D918-433F-9681-DF4AF9849029"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C93EB7FE-4A3A-4273-B5B5-CF6473C4D1F4"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46A640AB-5C61-4801-9EB3-DA4FD6C43FE5"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B6B6F6C-1CD2-4823-A224-DDFAC5FD7C6A"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52355F37-8540-4868-A565-E2109DA7ABA8"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9B213A2-2BED-4D5F-86AA-E4FE29352E8A"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2413E8E-7B96-434D-BF9B-3C769F931157"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A70BA4BB-6398-46C5-9E16-4536AAD30011"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6644CB8E-DC8E-46F4-8EFF-CEF34EC40116"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "088DA16B-2DCA-4EA5-86BC-93796D9F0E73"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7.10:hf1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7447ECD4-EA24-45F9-BF0D-971D074EAB4D"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:2.7.7.10:hf2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91F3BCB4-6160-48DA-8CFA-88BD1FED1C84"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A8EC935-B012-4F5C-AF33-3438EEA18BD0"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3A86186-B039-4F7F-BE13-A5C2987C63B6"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0C76139-7684-4E41-B8BC-5D9DC6B47ABA"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9AF38F2-611C-4557-8CB8-FEA46F84A779"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0.2:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F68364C6-7A48-49E7-BC89-6DF5181EEF2D"
          },
          {
            "criteria": "cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2482872E-C1FE-4E4E-833A-A426CC4E1230"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References