CVE-2017-7430
https://notcve.org/view.php?id=CVE-2017-7430
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Novell iManager en versiones 2.7.x anteriores a la 2.7 SP7 Patch 10 HF1 y NetIQ iManager versiones 3.x anteriores a la 3.0.3.1 presentan una vulnerabilidad de XSS persistente en el Framework. • https://bugzilla.novell.com/show_bug.cgi?id=1024959 https://bugzilla.novell.com/show_bug.cgi?id=1030691 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-7432
https://notcve.org/view.php?id=CVE-2017-7432
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen una vulnerabilidad de carga de webshell. • https://bugzilla.novell.com/show_bug.cgi?id=1027619 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php?id=7016795 https://www.novell.com/support/kb/doc.php? •
CVE-2017-7431
https://notcve.org/view.php?id=CVE-2017-7431
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen un CSRF persistente en la gestión de objetos. • https://bugzilla.novell.com/show_bug.cgi?id=1024963 https://bugzilla.novell.com/show_bug.cgi?id=1030692 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un certificado para comunicaciones. • https://bugzilla.novell.com/show_bug.cgi?id=1019041 https://bugzilla.novell.com/show_bug.cgi?id=1019789 https://bugzilla.novell.com/show_bug.cgi?id=988749 https://www.novell.com/support/kb/doc.php?id=3426981 https://www.novell.com/support/kb/doc.php? • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2013-1088
https://notcve.org/view.php?id=CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en iManager de Novell versión 2.7 anterior a SP6 Parche 1, permite a los atacantes remotos secuestrar la autenticación de usuarios arbitrarios mediante el aprovechamiento de la comprobación incorrecta de peticiones para código desplegado de iManager dentro de un contenedor Apache Tomcat. • http://www.novell.com/support/kb/doc.php?id=7010166 https://bugzilla.novell.com/show_bug.cgi?id=726260 • CWE-352: Cross-Site Request Forgery (CSRF) •