Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0672

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-0672
Last Modified 05 Sep 2008 04:39:04
Published 06 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-0672

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.

Vulnerable Systems

Application

  • Netegrity Identityminder Web 5.6

  • Netegrity Identityminder Web 5.6 Sp1

  • Netegrity Identityminder Web 5.6 Sp2

  • Netegrity Policy Server 5.5


References

XF - identityminder-xss(16618)

BID - 10645

BUGTRAQ - 20040701 [HW-MED] XSS in Netegrity IdentityMinder


Last Updated: 27 May 2016 10:38:42