Vulnerability Description
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Identity Manager Roles Based Provisioning Module | 3.6.0 |
| Novell | Identity Manager User Application | 3.5.0 |
Related Weaknesses (CWE)
References
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.
- http://www.securityfocus.com/bid/49935
- http://www.securitytracker.com/id?1026138
- https://bugzilla.novell.com/show_bug.cgi?id=709603
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.
FAQ
What is CVE-2011-2227?
CVE-2011-2227 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0,...
How severe is CVE-2011-2227?
CVE-2011-2227 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2227?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Identity Manager Roles Based Provisioning Module, Novell Identity Manager User Application.