CVE-2017-7432

CVE	CVE-2017-7432
State	PUBLISHED
Assigner	microfocus
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-05-03 05:59:00 UTC
Updated	2025-04-20 01:37:25 UTC
Description	Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.

Primary CVSS: v3.0 9.8 CRITICAL from [email protected]

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types: NVD-CWE-noinfo | webshell upload

Version	Source	Type	Score	Severity	Vector
3.0	[email protected]	Primary	9.8	CRITICAL	`CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
2.0	[email protected]	Primary	7.5		`AV:N/AC:L/Au:N/C:P/I:P/A:P`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Type	Vendor	Product	Version	Update	Edition	Language
Application	Netiq	Imanager	3.0	All	All	All
Application	Netiq	Imanager	3.0.1	All	All	All
Application	Netiq	Imanager	3.0.2	All	All	All
Application	Netiq	Imanager	3.0.2.1	All	All	All
Application	Netiq	Imanager	3.0.3	All	All	All
Application	Netiq	Imanager	3.0.3.1	All	All	All
Application	Novell	Imanager	2.7	All	All	All
Application	Novell	Imanager	2.7	sp1	All	All
Application	Novell	Imanager	2.7	sp2	All	All
Application	Novell	Imanager	2.7	sp3	All	All
Application	Novell	Imanager	2.7	sp4	All	All
Application	Novell	Imanager	2.7	sp4_patch1	All	All
Application	Novell	Imanager	2.7	sp4_patch2	All	All
Application	Novell	Imanager	2.7	sp4_patch3	All	All
Application	Novell	Imanager	2.7	sp4_patch4	All	All
Application	Novell	Imanager	2.7	sp5	All	All
Application	Novell	Imanager	2.7	sp6	All	All
Application	Novell	Imanager	2.7	sp7	All	All
Application	Novell	Imanager	2.7	sp7_patch_1	All	All
Application	Novell	Imanager	2.7	sp7_patch_10	All	All
Application	Novell	Imanager	2.7	sp7_patch_2	All	All
Application	Novell	Imanager	2.7	sp7_patch_3	All	All
Application	Novell	Imanager	2.7	sp7_patch_4	All	All
Application	Novell	Imanager	2.7	sp7_patch_5	All	All
Application	Novell	Imanager	2.7	sp7_patch_6	All	All
Application	Novell	Imanager	2.7	sp7_patch_7	All	All
Application	Novell	Imanager	2.7	sp7_patch_8	All	All
Application	Novell	Imanager	2.7	sp7_patch_9	All	All

Source	Vendor	Product	Version	Platforms
CNA	Na	Novell IManager 2.7.x Before 2.7 SP7 Patch 10 HF1 And NetIQ IManager 3.x Before 3.0.3.1	affected Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1	Not specified

Reference	Source	Link	Tags
Downloads - iManager 3.0.3.1	af854a3a-2127-422b-91ae-364da2661108	dl.netiq.com
Support \| History of Issues Resolved for Novell iManager 2.7	af854a3a-2127-422b-91ae-364da2661108	www.novell.com
Support \| History of Issues Resolved for iManager 3.x	af854a3a-2127-422b-91ae-364da2661108	www.netiq.com
Downloads - iManager 2.7 Support Pack 7 - Patch 10 Hotfix 1	af854a3a-2127-422b-91ae-364da2661108	dl.netiq.com
Access Denied	af854a3a-2127-422b-91ae-364da2661108	bugzilla.novell.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.