CVE-2017-5189 (GCVE-0-2017-5189)
Vulnerability from cvelistv5
Published
2018-03-02 20:00
Modified
2024-09-17 03:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Exposure of secret credentials in user exposed data
- CWE-522
Summary
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of secret credentials in user exposed data",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:44",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
],
"source": {
"defect": [
"1021637"
],
"discovery": "UNKNOWN"
},
"title": "private SSL key embedded in JAR file in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-04-01T00:00:00.000Z",
"ID": "CVE-2017-5189",
"STATE": "PUBLIC",
"TITLE": "private SSL key embedded in JAR file in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of secret credentials in user exposed data"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1021637",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1021637"
},
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016795"
}
]
},
"source": {
"defect": [
"1021637"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5189",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-01-06T00:00:00",
"dateUpdated": "2024-09-17T03:59:02.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-5189\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2018-03-02T20:29:00.380\",\"lastModified\":\"2024-11-21T03:27:13.933\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.\"},{\"lang\":\"es\",\"value\":\"NetIQ iManager, en versiones anteriores a la 3.0.3, entregaba una clave privada SSL en una aplicaci\u00f3n Java (archivo JAR) para autenticaci\u00f3n en Sentinel, lo que permite que atacantes remotos extraigan y establezcan sus propias conexiones en la aplicaci\u00f3n de Sentinel.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9044A0FA-BD4E-4041-B16A-0C70551C65F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94134CE0-B4A4-477B-99E7-87F34B0F2CED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DB1AB4D-3906-4EDA-A514-FAE007A27095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC9CA1AA-A933-4BB6-81F1-B803A2D12FB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56B58611-550D-408E-8104-71ACD4A19FAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1842E298-D918-433F-9681-DF4AF9849029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93EB7FE-4A3A-4273-B5B5-CF6473C4D1F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"46A640AB-5C61-4801-9EB3-DA4FD6C43FE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B6B6F6C-1CD2-4823-A224-DDFAC5FD7C6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"52355F37-8540-4868-A565-E2109DA7ABA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B213A2-2BED-4D5F-86AA-E4FE29352E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2413E8E-7B96-434D-BF9B-3C769F931157\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70BA4BB-6398-46C5-9E16-4536AAD30011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6644CB8E-DC8E-46F4-8EFF-CEF34EC40116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"088DA16B-2DCA-4EA5-86BC-93796D9F0E73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7.10:hf1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7447ECD4-EA24-45F9-BF0D-971D074EAB4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:2.7.7.10:hf2:*:*:*:*:*:*\",\"matchCriteriaId\":\"91F3BCB4-6160-48DA-8CFA-88BD1FED1C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D3D7F7B-CF13-4729-BDC8-FA7C25EB0856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A8EC935-B012-4F5C-AF33-3438EEA18BD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3A86186-B039-4F7F-BE13-A5C2987C63B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C76139-7684-4E41-B8BC-5D9DC6B47ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9AF38F2-611C-4557-8CB8-FEA46F84A779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F68364C6-7A48-49E7-BC89-6DF5181EEF2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:imanager:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2482872E-C1FE-4E4E-833A-A426CC4E1230\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1021637\",\"source\":\"security@opentext.com\"},{\"url\":\"https://www.netiq.com/support/kb/doc.php?id=7016795\",\"source\":\"security@opentext.com\"},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1021637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.netiq.com/support/kb/doc.php?id=7016795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…