CVE-2017-9280

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.
Configurations

Configuration 1 (hide)

cpe:2.3:a:netiq:identity_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-03-02 20:29

Updated : 2024-02-04 19:46


NVD link : CVE-2017-9280

Mitre link : CVE-2017-9280

CVE.ORG link : CVE-2017-9280


JSON object : View

Products Affected

netiq

  • identity_manager
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-598

Use of GET Request Method With Sensitive Query Strings