CVE-2022-26325 - OpenCVE

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Netiq Access Manager

Configuration 1 [-]

cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2022-05-02T18:41:42

Updated: 2024-08-03T05:03:32.196Z

Reserved: 2022-02-28T00:00:00

Link: CVE-2022-26325

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-02T19:15:09.087

Modified: 2023-11-07T03:44:56.980

Link: CVE-2022-26325

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["All"], "product": "NetIQ Access Manager", "vendor": "Micro Focus", "versions": [{"lessThan": "5.0.2", "status": "affected", "version": "NetIQ Access Manager", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-02T18:41:42", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}], "source": {"discovery": "INTERNAL"}, "title": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2", "workarounds": [{"lang": "en", "value": "Install / Upgrade NetIQ Access Manager 5.0.2"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2022-26325", "STATE": "PUBLIC", "TITLE": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NetIQ Access Manager", "version": {"version_data": [{"platform": "All", "version_affected": "<", "version_name": "NetIQ Access Manager", "version_value": "5.0.2"}]}}]}, "vendor_name": "Micro Focus"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h", "refsource": "CONFIRM", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}]}, "source": {"discovery": "INTERNAL"}, "work_around": [{"lang": "en", "value": "Install / Upgrade NetIQ Access Manager 5.0.2"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:03:32.196Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2022-26325", "datePublished": "2022-05-02T18:41:42", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-03T05:03:32.196Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB428964-C331-41BA-9FE1-48DED60D17B2", "versionEndExcluding": "5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado en NetIQ Access Manager versiones anteriores a 5.0.2"}], "id": "CVE-2022-26325", "lastModified": "2023-11-07T03:44:56.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 2.5, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2022-05-02T19:15:09.087", "references": [{"source": "security@opentext.com", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@opentext.com", "type": "Secondary"}]}