CVE-2016-5334
https://notcve.org/view.php?id=CVE-2016-5334
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7.1 y vRealize Automation 7.x en versiones anteriores a 7.2.0 permite a atacantes remotos leer archivos /SAAS/WEB-INF y /SAAS/META-INF a través de vectores no especificados. • http://www.securityfocus.com/bid/94482 http://www.securitytracker.com/id/1037326 http://www.vmware.com/security/advisories/VMSA-2016-0021.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2016-1598
https://notcve.org/view.php?id=CVE-2016-1598
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. XSS en NetIQ IDM 4.5 Identity Applications en versiones anteriores a 4.5.4 permite a los atacantes capaces de cambiar su nombre de usuario inyectar un código HTML arbitrario dentro de las páginas HTML de administrador Role Assignment. • http://www.securityfocus.com/bid/93833 https://download.novell.com/Download?buildid=xyswDCMsT7I~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1592
https://notcve.org/view.php?id=CVE-2016-1592
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0787
https://notcve.org/view.php?id=CVE-2015-0787
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5335
https://notcve.org/view.php?id=CVE-2016-5335
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. • http://www.securityfocus.com/bid/92608 http://www.securitytracker.com/id/1036685 http://www.vmware.com/security/advisories/VMSA-2016-0013.html •