Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

iManager - Multiple Reflected Cross-Site Scripting (CVE-2017-7427)

This document (7021423) is provided subject to the disclaimer at the end of this document.


iManager 2.7.7
iManager 3.0.1
Identity Manager iManager Plug-ins
Identity Manager 4.5


PEN tests were executed against the Identity Manager Plug-in, hosted on iManager In certain scenarios, it was possible to execute arbitrary JavaScript code in the context of vulnerable application.

Note: Special thanks to for finding and reporting this issue.


Fixed in the IDM 4.6.1 Identity Manager Plug-ins, dated July 10, 2017 or newer.


Security Alert


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7021423
  • Creation Date:15-SEP-17
  • Modified Date:05-MAR-18
    • NetIQIdentity Manager

Did this document solve your problem? Provide Feedback