Arbitrary File Upload and Code Execution in NetIQ Identity Manager User Application Administration

CVE-2017-9279 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
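
A server-side check for the two failures described above (double extensions and non-image content), as an added example that is not NetIQ's code or fix. The function name, the allowlist of image types and the sample inputs are assumptions made for illustration.

```python
import os

# Assumed allowlist: permitted extensions and the magic bytes each must start with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


def validate_theme_upload(filename, data):
    """Return (ok, reason) for an uploaded theme image (hypothetical helper)."""
    # Accept only a bare file name: no directories, backslashes or NUL bytes.
    if filename != os.path.basename(filename) or "\\" in filename or "\x00" in filename:
        return False, "path characters in name"
    parts = filename.split(".")
    # Exactly one dot and a non-empty stem: 'logo.png' passes, 'logo.jsp.png' does not.
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "name must have exactly one extension"
    ext = parts[1].lower()
    if ext not in MAGIC:
        return False, "extension not allowed"
    # The content must begin with the signature of the type the name claims.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


# Constructed sample inputs (not taken from any real upload).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLES = [
    ("logo.png", PNG_BYTES),
    ("logo.jsp.png", PNG_BYTES),
    ("logo.png", b"<html>not an image</html>"),
    ("page.jsp", PNG_BYTES),
    ("../logo.png", PNG_BYTES),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, validate_theme_upload(name, body))
```

A signature check only confirms the first bytes of the file. Storing uploads under a server-generated name, outside any directory the application server executes from, removes the dependence on the submitted name altogether.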