|
Description
|
|
Multiple vulnerabilities have been reported in Novell iManager, where one has an unknown impact and the others can be exploited by malicious people to manipulate certain data and conduct cross-site scripting and request forgery attacks.
1) Certain input related to the framework is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain actions when a logged-in user visits a specially crafted web page.
3) Certain input related to the schema plugin is not properly verified before being used to write files. This can be exploited to overwrite certain files.
4) An unspecified error exists in the schema plugin. No further information is currently available.
The vulnerabilities are reported in versions prior to 2.7 SP7 Patch 4.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Novell iManager 2.x
|
|
|
|
|
|
Solution
|
|
Update to version 2.7 SP7 Patch 4.
|
|
|
|
|
|
CVE
|
|
CVE-2014-5217
CVE-2014-5216
|
|
|
|
|
|
References
|
|
http://www.novell.com/support/kb/doc.php?id=7010166
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
