cvelist/2017/7xxx/CVE-2017-7426.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "DATE_PUBLIC": "2017-08-03T00:00:00.000Z",
        "ID": "CVE-2017-7426",
        "STATE": "PUBLIC",
        "TITLE": "iManager - XML External Entity vulnerabilities"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Identity Manager Plug-ins",
                                "version": {
                                    "version_data": [
                                        {
                                            "affected": "<",
                                            "version_value": "4.6.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "NetIQ"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Pawel.Batunek@ingservicespolska.pl"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "External XML Entity attacks"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.novell.com/support/kb/doc.php?id=7021173",
                "refsource": "CONFIRM",
                "url": "https://www.novell.com/support/kb/doc.php?id=7021173"
            }
        ]
    },
    "source": {
        "advisory": "7021173",
        "discovery": "EXTERNAL"
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 01:45:57 +00:00			`"CVE_data_meta": {`
"-Synchronized-Data." 2021-01-06 17:02:36 +00:00			`"ASSIGNER": "security@microfocus.com",`
"-Synchronized-Data." 2019-03-18 01:45:57 +00:00			`"DATE_PUBLIC": "2017-08-03T00:00:00.000Z",`
			`"ID": "CVE-2017-7426",`
			`"STATE": "PUBLIC",`
			`"TITLE": "iManager - XML External Entity vulnerabilities"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Identity Manager Plug-ins",`
			`"version": {`
			`"version_data": [`
			`{`
			`"affected": "<",`
			`"version_value": "4.6.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "NetIQ"`
			`}`
			`]`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "Pawel.Batunek@ingservicespolska.pl"`
			`}`
			`],`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`{`
"-Synchronized-Data." 2019-03-18 01:45:57 +00:00			`"lang": "eng",`
			`"value": "The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks."`
- Added submissions from Micro Focus from 2018-03-01. 2018-03-01 13:26:02 -05:00			`}`
"-Synchronized-Data." 2019-03-18 01:45:57 +00:00			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "External XML Entity attacks"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://www.novell.com/support/kb/doc.php?id=7021173",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.novell.com/support/kb/doc.php?id=7021173"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "7021173",`
			`"discovery": "EXTERNAL"`
			`}`
			`}`