Filtered by vendor Netiq
Subscribe
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26322 | 1 Netiq | 1 Identity Manager Rest Driver | 2024-10-02 | N/A | 7.5 HIGH |
| Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenTextâ„¢ Identity Manager REST Driver. This impact version before 1.1.2.0200. | |||||
| CVE-2020-11843 | 1 Netiq | 1 Access Manager | 2024-08-23 | N/A | 6.5 MEDIUM |
| This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before | |||||
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2024-08-07 | 7.5 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable." | |||||
| CVE-2019-11648 | 1 Netiq | 1 Self Service Password Reset | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. | |||||
| CVE-2017-9275 | 1 Netiq | 1 Identity Reporting | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. | |||||
| CVE-2018-1347 | 1 Netiq | 1 Imanager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. | |||||
| CVE-2017-7437 | 1 Netiq | 1 Privileged Account Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. | |||||
| CVE-2018-12462 | 1 Netiq | 1 Imanager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. | |||||
| CVE-2018-7674 | 1 Netiq | 1 Identity Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | |||||
| CVE-2017-14800 | 1 Netiq | 1 Access Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users. | |||||
| CVE-2017-7438 | 1 Netiq | 1 Privileged Account Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. | |||||
| CVE-2018-12461 | 1 Netiq | 1 Edirectory | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | |||||
| CVE-2018-1346 | 1 Netiq | 1 Edirectory | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Addresses denial of service attack to eDirectory versions prior to 9.1. | |||||
| CVE-2018-1345 | 1 Netiq | 1 Imanager | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. | |||||
| CVE-2018-7677 | 1 Netiq | 1 Access Manager | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | |||||
| CVE-2018-1343 | 1 Netiq | 1 Privileged Account Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| PAM exposure enabling unauthenticated access to remote host | |||||
| CVE-2017-9285 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | |||||
| CVE-2017-9280 | 1 Netiq | 1 Identity Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | |||||
| CVE-2018-1344 | 1 Netiq | 1 Imanager | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
| Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 | |||||
| CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | |||||