Vulnerability Details : CVE-2016-1598
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2016-1598
- cpe:2.3:a:novell:identity_manager:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:novell:identity_manager_identity_applications:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1598
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1598
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST | |
|
5.4
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
NIST |
CWE ids for CVE-2016-1598
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1598
-
http://www.securityfocus.com/bid/93833
Novell NetIQ Identity Manager CVE-2016-1598 Cross Site Scripting Vulnerability
-
https://download.novell.com/Download?buildid=xyswDCMsT7I~
Downloads - IDM 4.5 Identity Applications 4.5.6Patch;Vendor Advisory
Jump to