Filtered by vendor Netiq Subscriptions
Filtered by product Access Manager Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5750 1 Netiq 1 Access Manager 2024-08-06 N/A
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
CVE-2016-5748 1 Netiq 1 Access Manager 2024-08-06 N/A
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
CVE-2017-5191 1 Netiq 1 Access Manager 2024-08-05 N/A
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
CVE-2017-5183 1 Netiq 1 Access Manager 2024-08-05 N/A
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
CVE-2017-5190 1 Netiq 1 Access Manager 2024-08-05 N/A
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.
CVE-2018-7678 1 Netiq 1 Access Manager 2024-08-05 N/A
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
CVE-2018-7677 1 Netiq 1 Access Manager 2024-08-05 N/A
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.