CVE-2017-5189Insufficiently Protected Credentials in Imanager

CWE-522Insufficiently Protected CredentialsCWE-287Improper Authentication3 documents3 sources
Severity
7.5HIGHNVD
CNA4.3
EPSS
0.2%
top 61.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netiq Imanager
Timeline
PublishedMar 2
Latest updateMay 13

Description

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5netiq/imanagerunspecified3.0.3
NVDnetiq/imanager12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-3j2p-fcwj-8pcw: NetIQ iManager before 32022-05-13
CVEList
private SSL key embedded in JAR file in iManager2018-03-02
CVE-2017-5189 — Insufficiently Protected Credentials | cvebase