CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22525
https://notcve.org/view.php?id=CVE-2021-22525
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 Esta versión soluciona una posible vulnerabilidad de filtrado de información en NetIQ Access Manager versiones anteriores a 5.0.1 • https://support.microfocus.com/kb/doc.php?id=7025254 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25840
https://notcve.org/view.php?id=CVE-2020-25840
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar una destrucción de la configuración. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22506 – Micro Focus Access Manager Information Leakage Vulnerability
https://notcve.org/view.php?id=CVE-2021-22506
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. Una configuración avanzada que expone una vulnerabilidad de Filtrado de Información en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar un filtrado de información. Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18253
https://notcve.org/view.php?id=CVE-2018-18253
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the command crashes, and there is also a race condition in all cases. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. CALRunElevated.exe intenta aplicar los controles de acceso añadiendo un usuario no privilegiado al grupo local de Administradores durante un período de tiempo muy corto para ejecutar un único comando. • https://improsec.com/tech-blog/cam1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18254
https://notcve.org/view.php?id=CVE-2018-18254
An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Un usuario sin privilegios puede leer la tabla cal_whitelist en la base de datos Custom App Launcher (CAL) y, potencialmente, obtener privilegios colocando un programa troyano en un nombre de ruta de la aplicación. • https://improsec.com/tech-blog/cam1 • CWE-732: Incorrect Permission Assignment for Critical Resource •