Filtered by vendor Netiq
Subscriptions
Filtered by product Access Manager
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2024-08-06 | N/A |
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | ||||
CVE-2016-5748 | 1 Netiq | 1 Access Manager | 2024-08-06 | N/A |
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | ||||
CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | ||||
CVE-2017-5183 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | ||||
CVE-2017-5190 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. | ||||
CVE-2018-7678 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. | ||||
CVE-2018-7677 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. |