Vulnerability Description
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Identity Manager Roles Based Provisioning Module | 3.6.0 |
| Novell | Identity Manager User Application | 3.5.0 |
Related Weaknesses (CWE)
References
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.
- http://www.securityfocus.com/bid/49935
- http://www.securitytracker.com/id?1026138
- https://bugzilla.novell.com/show_bug.cgi?id=692972
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.
FAQ
What is CVE-2011-1696?
CVE-2011-1696 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0,...
How severe is CVE-2011-1696?
CVE-2011-1696 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1696?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Identity Manager Roles Based Provisioning Module, Novell Identity Manager User Application.