CVE-2018-12461 – Certificate Revocation Check failure
https://notcve.org/view.php?id=CVE-2018-12461
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. • https://www.netiq.com/support/kb/doc.php?id=7016794 • CWE-295: Improper Certificate Validation
CVE-2018-1346 – NetIQ eDirectory Denial of Service
https://notcve.org/view.php?id=CVE-2018-1346
Addresses a denial of service (DoS) attack against eDirectory versions prior to 9.1. • http://www.securityfocus.com/bid/103493 https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html
CVE-2017-9285 – Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
https://notcve.org/view.php?id=CVE-2017-9285
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. • https://bugzilla.suse.com/show_bug.cgi?id=1029077 https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control, CWE-287: Improper Authentication
CVE-2017-7429 – Fix for NetIQ shell code upload
https://notcve.org/view.php?id=CVE-2017-7429
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. • https://bugzilla.suse.com/show_bug.cgi?id=1024957 https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html https://www.novell.com/support/kb/doc.php?id=3426981 • CWE-295: Improper Certificate Validation, CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. • https://bugzilla.novell.com/show_bug.cgi?id=1019041 https://bugzilla.novell.com/show_bug.cgi?id=1019789 https://bugzilla.novell.com/show_bug.cgi?id=988749 https://www.novell.com/support/kb/doc.php?id=3426981 https://www.novell.com/support/kb/doc.php? • CWE-327: Use of a Broken or Risky Cryptographic Algorithm