CVE-2011-1696
Summary
| CVE | CVE-2011-1696 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-10-08 02:52:52 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Novell | Identity Manager Roles Based Provisioning Module | 3.6.0 | All | All | All |
| Application | Novell | Identity Manager Roles Based Provisioning Module | 3.6.1 | All | All | All |
| Application | Novell | Identity Manager Roles Based Provisioning Module | 3.7.0 | All | All | All |
| Application | Novell | Identity Manager Roles Based Provisioning Module | 4.0.0 | All | All | All |
| Application | Novell | Identity Manager User Application | 3.5.0 | All | All | All |
| Application | Novell | Identity Manager User Application | 3.5.1 | All | All | All |
| Application | Novell | Identity Manager User Application | 3.6.0 | All | All | All |
| Application | Novell | Identity Manager User Application | 3.6.1 | All | All | All |
| Application | Novell | Identity Manager User Application | 3.7.0 | All | All | All |
| Application | Novell | Identity Manager User Application | 4.0.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| HTTP 404 Page Not Found | af854a3a-2127-422b-91ae-364da2661108 | support.novell.com | |
| HTTP 404 Page Not Found | af854a3a-2127-422b-91ae-364da2661108 | support.novell.com | |
| Access Denied | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.novell.com | |
| HTTP 404 Page Not Found | af854a3a-2127-422b-91ae-364da2661108 | support.novell.com | |
| HTTP 404 Page Not Found | af854a3a-2127-422b-91ae-364da2661108 | support.novell.com | |
| HTTP 404 Page Not Found | af854a3a-2127-422b-91ae-364da2661108 | support.novell.com | |
| Novell Identity Manager 'apwaDetail' Multiple Cross Site Scripting Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| HTTP 404 Page Not Found | af854a3a-2127-422b-91ae-364da2661108 | support.novell.com | |
| Novell Identity Manager Roles Based Provisioning Module Input Validation Flaw in 'apwaDetailId' Permits Cross-Site Scripting Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.