CVE-2006-4803
CVE-2006-4803 is a high-severity vulnerability in Netiq Identity Manager with a CVSS 2.0 base score of 7.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.2)
- EPSS exploit prediction: 0% (39th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Netiq Identity Manager
- Published:
- Last modified:
Description
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
Frequently asked questions
- What is CVE-2006-4803?
- The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
- How severe is CVE-2006-4803?
- CVE-2006-4803 has a CVSS 2.0 base score of 7.2, rated high severity.
- Is CVE-2006-4803 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (39th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-4803?
- CVE-2006-4803 affects Netiq Identity Manager. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2006-4803?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2006-4803 published?
- CVE-2006-4803 was published on 2006-09-14 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/21888
- http://securitytracker.com/id?1016853
- http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm
- http://www.securityfocus.com/bid/20016
- http://www.vupen.com/english/advisories/2006/3607
Affected products (1)
- cpe:2.3:a:netiq:identity_manager:3.0.1:*:*:*:*:*:*:*
More vulnerabilities in Netiq Identity Manager
- CVE-2016-1592 — Medium (CVSS 6.1): XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the…
- CVE-2015-0787 — Medium (CVSS 6.1): XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the…
- CVE-2017-7427 — Medium (CVSS 5.4): Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before…
- CVE-2017-7426 — Medium (CVSS 5.4): The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that…
- CVE-2018-1348 — Medium (CVSS 5.3): NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result…
- CVE-2018-7673 — Medium (CVSS 5.1): The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.