Skip to main content

Edirectory CVE-2016-5747

HIGH
Improper Access Control (CWE-284)
2017-03-23 security@opentext.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 23, 2017 - 06:59 cve.org
HIGH 7.5

DescriptionCVE.org

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.

AnalysisAI

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. Affected products include: Novell Edirectory. Version information: before 9.0.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-0432 CRITICAL POC
10.0 Dec 25

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote at

CVE-2014-5213 MEDIUM POC
4.0 Dec 19

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allo

CVE-2016-9167 HIGH
7.5 Mar 23

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, whi

CVE-2017-5186 HIGH
7.5 Apr 27

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch

CVE-2018-17950 HIGH
7.5 Dec 12

Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2. Rated high severity (CVSS 7.5), this vulne

CVE-2018-7686 HIGH
7.5 Aug 09

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. Rated high severity (

CVE-2018-12461 HIGH
7.5 Jul 10

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Rated high severity (CVSS 7.5),

CVE-2018-1346 HIGH
7.5 Mar 21

Addresses denial of service attack to eDirectory versions prior to 9.1. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2014-5212 MEDIUM
4.3 Dec 19

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allo

CVE-2016-9168 MEDIUM
6.5 Mar 23

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by r

CVE-2012-0430 MEDIUM
6.4 Dec 25

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote

CVE-2018-17952 MEDIUM
6.1 Dec 12

Cross site scripting vulnerability in eDirectory prior to 9.1 SP2. Rated medium severity (CVSS 6.1), this vulnerability

Share

CVE-2016-5747 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy