Environment
NetIQ eDirectory 8.8.7.X all platforms
NetIQ eDirectory 8.8.6.X all platforms
NetIQ eDirectory 8.8.6.X all platforms
Situation
Specially crafted requests could exploit the site and allow for execution of scripts.
Resolution
To resolve this issue, please apply eDirectory 8.8.7.2 or newer for eDirectory 8.8.7.X and eDirectory 8.8.6.7 or newer for eDirectory 8.8.6.X on OES2. For eDirectory 8.8.6 on other platforms, it will be necessary to upgrade to eDirectory 8.8.7. Stand alone patches are available from https://dl.netiq.com
Additional Information
This vulnerability was reported by specialists at Positive Research, the Positive Technologies company research center.
CVE-2012-0428
CVE-2012-0428