CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22530 – Improper account management vulnerability in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22530
28 Aug 2024 — A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-667: Improper Locking •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38120 – Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38120
28 Aug 2024 — A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authenticat... • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38121 – Weak communication protocol identified in Advance Authentication client application
https://notcve.org/view.php?id=CVE-2021-38121
28 Aug 2024 — Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-326: Inadequate Encryption Strength •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38122 – Cross-Site Scripting (XSS) in Advance Authentication
https://notcve.org/view.php?id=CVE-2021-38122
28 Aug 2024 — A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-20: Improper Input Validation •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4554 – Multiple xss vulnerability in NetIQ Access Manager
https://notcve.org/view.php?id=CVE-2024-4554
28 Aug 2024 — Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4555 – User impersonation with MFA when configure in specific way
https://notcve.org/view.php?id=CVE-2024-4555
28 Aug 2024 — Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4556 – Directory traversal vulnerability in NetIQ Access Manager
https://notcve.org/view.php?id=CVE-2024-4556
28 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42852
https://notcve.org/view.php?id=CVE-2024-42852
23 Aug 2024 — Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component. • https://github.com/Hebing123/cve/issues/64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11847 – Vulnerability in sshrelay in privileged access manager provides full system access.
https://notcve.org/view.php?id=CVE-2020-11847
21 Aug 2024 — SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. • https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11846 – Improper handling of token allows access to restricted resource in Privileged Access Manager
https://notcve.org/view.php?id=CVE-2020-11846
21 Aug 2024 — A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager be... • https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html • CWE-269: Improper Privilege Management •