Описание
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
Уязвимые конфигурации
Конфигурация 1Версия до 4.5.6.1 (исключая)
cpe:2.3:a:netiq:identity_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00176
Низкий
2 Low
CVSS3
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434
CWE-20
Связанные уязвимости
CVSS3: 7.2
github
больше 3 лет назад
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
EPSS
Процентиль: 39%
0.00176
Низкий
2 Low
CVSS3
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-434
CWE-20