Vulnerability Description
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openidm Project | Openidm | <= 4.0.0 |
Related Weaknesses (CWE)
References
- http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scriptiExploitThird Party Advisory
- http://www.securityfocus.com/bid/98044
- https://backstage.forgerock.com/knowledge/kb/article/a92936505MitigationThird Party Advisory
- http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scriptiExploitThird Party Advisory
- http://www.securityfocus.com/bid/98044
- https://backstage.forgerock.com/knowledge/kb/article/a92936505MitigationThird Party Advisory
FAQ
What is CVE-2017-7590?
CVE-2017-7590 is a vulnerability with a CVSS score of 6.1 (MEDIUM). OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
How severe is CVE-2017-7590?
CVE-2017-7590 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7590?
Check the references section above for vendor advisories and patch information. Affected products include: Openidm Project Openidm.