Filtered by vendor Netiq Subscriptions
Filtered by product Access Manager Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-5751 1 Netiq 1 Access Manager 2024-11-21 N/A
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
CVE-2016-5750 1 Netiq 1 Access Manager 2024-11-21 N/A
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
CVE-2016-5749 1 Netiq 1 Access Manager 2024-11-21 N/A
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
CVE-2016-5748 1 Netiq 1 Access Manager 2024-11-21 N/A
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.
CVE-2024-4554 2 Microfocus, Netiq 2 Netiq Access Manager, Access Manager 2024-09-19 7.3 High
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.
CVE-2024-4555 2 Microfocus, Netiq 2 Netiq Access Manager, Access Manager 2024-09-12 7.7 High
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
CVE-2024-4556 2 Microfocus, Netiq 2 Netiq Access Manager, Access Manager 2024-09-12 5.7 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.