Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Identity Manager | All versions |
| Novell | Identity Manager Roles Based Provisioning Module | <= 3.7.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/70298
- http://secunia.com/advisories/42819Vendor Advisory
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.
- http://www.securityfocus.com/bid/45692
- http://www.securitytracker.com/id?1024941
- http://www.vupen.com/english/advisories/2011/0038Vendor Advisory
- https://bugzilla.novell.com/show_bug.cgi?id=653516
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64501
- http://osvdb.org/70298
- http://secunia.com/advisories/42819Vendor Advisory
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.
- http://www.securityfocus.com/bid/45692
- http://www.securitytracker.com/id?1024941
- http://www.vupen.com/english/advisories/2011/0038Vendor Advisory
- https://bugzilla.novell.com/show_bug.cgi?id=653516
FAQ
What is CVE-2010-4324?
CVE-2010-4324 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attack...
How severe is CVE-2010-4324?
CVE-2010-4324 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4324?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Identity Manager, Novell Identity Manager Roles Based Provisioning Module.