CVE-2017-5697
published 2017-06-14CVE-2017-5697: Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intel | active_management_technology_firmware | >= 10.0 < 10.0.50.1004 | 10.0.50.1004 |
| intel | active_management_technology_firmware | >= 11.0 < 11.0.0.1205 | 11.0.0.1205 |
| intel | active_management_technology_firmware | >= 11.6 < 11.6.25.1129 | 11.6.25.1129 |
| intel | active_management_technology_firmware | >= 9.1 < 9.1.40.1000 | 9.1.40.1000 |
| intel | active_management_technology_firmware | >= 9.5 < 9.5.60.1952 | 9.5.60.1952 |
| intel_corporation | active_mangement_technology | — | — |
| onelogin | ruby-saml | >= 0 < 1.11.0-1ubuntu0.1 | 1.11.0-1ubuntu0.1 |
| onelogin | ruby-saml | >= 0 < 1.13.0-1ubuntu0.1 | 1.13.0-1ubuntu0.1 |
| onelogin | ruby-saml | >= 0 < 1.15.0-1ubuntu0.24.04.1 | 1.15.0-1ubuntu0.24.04.1 |
| onelogin | ruby-saml | >= 0 < 1.1.2-1ubuntu1+esm1 | 1.1.2-1ubuntu1+esm1 |
| onelogin | ruby-saml | >= 0 < 1.7.2-1ubuntu0.1~esm1 | 1.7.2-1ubuntu0.1~esm1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv7.5HIGH