Security Vulnerability: eDirectory Cross Site Scripting exploit

  • 7011539
  • 18-Dec-2012
  • 27-Jan-2014

Environment

NetIQ eDirectory 8.8.7.X all platforms
NetIQ eDirectory 8.8.6.X all platforms

Situation

Specially crafted requests could exploit the site and allow for execution of scripts.

Resolution

To resolve this issue, please apply eDirectory 8.8.7.2 or newer for eDirectory 8.8.7.X and eDirectory 8.8.6.7 or newer for eDirectory 8.8.6.X on OES2.  For eDirectory 8.8.6 on other platforms, it will be necessary to upgrade to eDirectory 8.8.7.  Stand alone patches are available from https://dl.netiq.com

Additional Information

This vulnerability was reported by specialists at Positive Research, the Positive Technologies company research center.

CVE-2012-0428

Feedback service temporarily unavailable. For content questions or problems, please contact Support.