Filtered by vendor Netiq
Subscriptions
Total
71 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2024-08-06 | N/A |
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | ||||
CVE-2016-5748 | 1 Netiq | 1 Access Manager | 2024-08-06 | N/A |
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. | ||||
CVE-2016-1605 | 1 Netiq | 1 Sentinel | 2024-08-05 | N/A |
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field. | ||||
CVE-2016-1592 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | ||||
CVE-2016-1597 | 1 Netiq | 1 Access Governance Suite | 2024-08-05 | N/A |
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | ||||
CVE-2017-9284 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | ||||
CVE-2017-9275 | 1 Netiq | 1 Identity Reporting | 2024-08-05 | N/A |
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. | ||||
CVE-2017-7428 | 1 Netiq | 1 Imanager | 2024-08-05 | N/A |
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | ||||
CVE-2017-7431 | 2 Netiq, Novell | 2 Imanager, Imanager | 2024-08-05 | N/A |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | ||||
CVE-2017-7432 | 2 Netiq, Novell | 2 Imanager, Imanager | 2024-08-05 | N/A |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | ||||
CVE-2017-7430 | 2 Netiq, Novell | 2 Imanager, Imanager | 2024-08-05 | N/A |
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | ||||
CVE-2017-7425 | 1 Netiq | 1 Imanager | 2024-08-05 | N/A |
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | ||||
CVE-2017-5186 | 2 Netiq, Novell | 4 Edirectory, Imanager, Edirectory and 1 more | 2024-08-05 | N/A |
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. | ||||
CVE-2017-5191 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | ||||
CVE-2017-5183 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | ||||
CVE-2017-5190 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. | ||||
CVE-2018-7673 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | ||||
CVE-2018-7678 | 1 Netiq | 1 Access Manager | 2024-08-05 | N/A |
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. | ||||
CVE-2018-7676 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. | ||||
CVE-2018-7674 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. |