CVE-2017-14802 - OpenCVE

Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netiq	Access Manager

Configuration 1 [-]

cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.novell.com/support/kb/doc.php?id=7022360

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2018-03-02T20:00:00Z

Updated: 2024-09-17T02:41:52.181Z

Reserved: 2017-09-27T00:00:00

Link: CVE-2017-14802

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-02T20:29:00.317

Modified: 2023-11-07T02:39:12.623

Link: CVE-2017-14802

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Access Manager", "vendor": "NetIQ", "versions": [{"lessThan": "4.3.3", "status": "affected", "version": "4.3", "versionType": "custom"}]}], "datePublic": "2017-11-20T00:00:00", "descriptions": [{"lang": "en", "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "redirect to untrusted sites", "lang": "en", "type": "text"}]}, {"descriptions": [{"cweId": "CWE-601", "description": "CWE-601", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:26", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.novell.com/support/kb/doc.php?id=7022360"}], "source": {"advisory": "7022360", "discovery": "EXTERNAL"}, "title": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-11-20T00:00:00.000Z", "ID": "CVE-2017-14802", "STATE": "PUBLIC", "TITLE": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Access Manager", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_name": "4.3", "version_value": "4.3.3"}]}}]}, "vendor_name": "NetIQ"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "redirect to untrusted sites"}]}, {"description": [{"lang": "eng", "value": "CWE-601"}]}]}, "references": {"reference_data": [{"name": "https://www.novell.com/support/kb/doc.php?id=7022360", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7022360"}]}, "source": {"advisory": "7022360", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:34:39.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.novell.com/support/kb/doc.php?id=7022360"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14802", "datePublished": "2018-03-02T20:00:00Z", "dateReserved": "2017-09-27T00:00:00", "dateUpdated": "2024-09-17T02:41:52.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A8EA971-4151-4119-B5DE-5BE07011A373", "versionEndIncluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."}, {"lang": "es", "value": "Los servidores Novell Access Manager Admin Console y IDP en versiones anteriores a la 4.3.3 tienen una URL que podr\u00eda ser empleada por atacantes remotos para desencadenar redirecciones sin validar a sitios de terceros."}], "id": "CVE-2017-14802", "lastModified": "2023-11-07T02:39:12.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2018-03-02T20:29:00.317", "references": [{"source": "security@opentext.com", "url": "https://www.novell.com/support/kb/doc.php?id=7022360"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@opentext.com", "type": "Secondary"}]}