NetIQ iManager before 3.0.3 delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract the key and establish their own connections to the Sentinel appliance.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Imanager | Netiq | 2.7 (including) | 2.7 (including) |
Imanager | Netiq | 2.7.1 (including) | 2.7.1 (including) |
Imanager | Netiq | 2.7.2 (including) | 2.7.2 (including) |
Imanager | Netiq | 2.7.3 (including) | 2.7.3 (including) |
Imanager | Netiq | 2.7.4 (including) | 2.7.4 (including) |
Imanager | Netiq | 2.7.5 (including) | 2.7.5 (including) |
Imanager | Netiq | 2.7.6 (including) | 2.7.6 (including) |
Imanager | Netiq | 2.7.7-p10 (including) | 2.7.7-p10 (including) |
Imanager | Netiq | 2.7.7-p11 (including) | 2.7.7-p11 (including) |
Imanager | Netiq | 2.7.7-p4 (including) | 2.7.7-p4 (including) |
Imanager | Netiq | 2.7.7-p5 (including) | 2.7.7-p5 (including) |
Imanager | Netiq | 2.7.7-p6 (including) | 2.7.7-p6 (including) |
Imanager | Netiq | 2.7.7-p7 (including) | 2.7.7-p7 (including) |
Imanager | Netiq | 2.7.7-p8 (including) | 2.7.7-p8 (including) |
Imanager | Netiq | 2.7.7-p9 (including) | 2.7.7-p9 (including) |
Imanager | Netiq | 2.7.7.10-hf1 (including) | 2.7.7.10-hf1 (including) |
Imanager | Netiq | 2.7.7.10-hf2 (including) | 2.7.7.10-hf2 (including) |
Imanager | Netiq | 3.0 (including) | 3.0 (including) |
Imanager | Netiq | 3.0-sp1 (including) | 3.0-sp1 (including) |
Imanager | Netiq | 3.0-sp2 (including) | 3.0-sp2 (including) |
Imanager | Netiq | 3.0-sp3 (including) | 3.0-sp3 (including) |
Imanager | Netiq | 3.0-sp4 (including) | 3.0-sp4 (including) |
Imanager | Netiq | 3.0.2-p1 (including) | 3.0.2-p1 (including) |
Imanager | Netiq | 3.0.3 (including) | 3.0.3 (including) |