CVE-2021-22525
https://notcve.org/view.php?id=CVE-2021-22525
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 Esta versión soluciona una posible vulnerabilidad de filtrado de información en NetIQ Access Manager versiones anteriores a 5.0.1 • https://support.microfocus.com/kb/doc.php?id=7025254 •
CVE-2020-25840
https://notcve.org/view.php?id=CVE-2020-25840
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar una destrucción de la configuración. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-22506 – Micro Focus Access Manager Information Leakage Vulnerability
https://notcve.org/view.php?id=CVE-2021-22506
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. Una configuración avanzada que expone una vulnerabilidad de Filtrado de Información en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar un filtrado de información. Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html •
CVE-2021-22496
https://notcve.org/view.php?id=CVE-2021-22496
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. Una vulnerabilidad de Omisión de Autenticación en Micro Focus Access Manager Product afecta a todas las versiones anteriores a 4.5.3.3. La vulnerabilidad podría causar una filtración de información • https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html • CWE-287: Improper Authentication •
CVE-2018-18253
https://notcve.org/view.php?id=CVE-2018-18253
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe intenta aplicar los controles de acceso añadiendo un usuario no privilegiado al grupo local de Administradores durante un período de tiempo muy corto para ejecutar un único comando. • https://improsec.com/tech-blog/cam1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •