11 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. NetIQ eDirectory, en versiones anteriores a la 9.0.2, podría ser susceptible bajo ciertas circunstancias a la degradación de la seguridad de las comunicaciones. • https://www.netiq.com/documentation/edirectory-9/edirectory902_releasenotes/data/edirectory902_releasenotes.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 Aplicación incorrecta de las comprobaciones de autorización en eDirectory en versiones anteriores a la 9.1 SP2. • https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html • CWE-863: Incorrect Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 Vulnerabilidad Cross-Site Scripting (XSS) en eDirectory en versiones anteriores a la 9.1 SP2. • https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. Vulnerabilidad de redirección no validada en NetIQ eDirectory en versiones anteriores a la 9.1.1 HF1. • https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. Vulnerabilidad de fuga de información en NetIQ eDirectory en versiones anteriores a la 9.1.1 HF1 debido al uso de memoria compartida. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of information in a shared memory section by the dhost service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •