CVE-2018-7678 — LOW (3.5) — White Hats Nepal

Vulnerability Description

A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.

CVSS Score

3.5

LOW

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Netiq	Access Manager	4.3

Related Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/103421
https://www.netiq.com/support/kb/doc.php?id=7022724
http://www.securityfocus.com/bid/103421
https://www.netiq.com/support/kb/doc.php?id=7022724

FAQ

What is CVE-2018-7678?

CVE-2018-7678 is a vulnerability with a CVSS score of 3.5 (LOW). A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.

How severe is CVE-2018-7678?

CVE-2018-7678 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-7678?

Check the references section above for vendor advisories and patch information. Affected products include: Netiq Access Manager.