{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-10-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=709603"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html"}, {"name": "1026138", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1026138"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html"}, {"name": "49935", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49935"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2227", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=709603", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=709603"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html"}, {"name": "1026138", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026138"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html"}, {"name": "49935", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49935"}, {"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2227", "datePublished": "2011-10-08T01:00:00", "dateReserved": "2011-06-02T00:00:00", "dateUpdated": "2011-10-19T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D958125-0657-4CEF-A9DF-2F8FFCC1DFD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EBB3E8A-FA93-4D23-94F4-DBDDDBD3F861", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEABF136-E21F-4C79-B38B-A1F3464A4543", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_roles_based_provisioning_module:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "16C2B282-48E2-4358-8CBA-1291045EBD7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "41A55426-2224-47C9-B218-18B2CA3EE410", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3877FBC-1D03-43D0-8C20-2E28B56C8246", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "889F7CF3-D952-429E-AE5C-ACA9FDBFA5B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3A36FF9-5740-4180-8427-772942636826", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:3.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "91714BEF-75CE-456E-AB62-B5AAC29FFE39", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:identity_manager_user_application:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "26DF6A06-1EE3-4219-8EC6-11D84E0C9DC1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603."}, {"lang": "es", "value": "Vulnerabilidad de cross-site scripting (XSS) en Novell Identity Manager (tambi\u00e9n conocido como IDM) User Application v3.5.0, v3.5.1, v3.6.0, v3.6.1, v3.7.0 y v4.0.0, e Identity Manager Roles Based Provisioning Module v3.6.0, v3.6.1, v3.7.0,y v4.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro apwaDetail (tambi\u00e9n conocido como apwaDetailId), tambi\u00e9n conocido como Bug 709603."}], "id": "CVE-2011-2227", "lastModified": "2011-11-22T03:56:57.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-10-08T02:52:52.300", "references": [{"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111710.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5111711.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112230.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112250.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112270.html"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5112271.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49935"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1026138"}, {"source": "cve@mitre.org", "url": "https://bugzilla.novell.com/show_bug.cgi?id=709603"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}