CVE-2018-18254
https://notcve.org/view.php?id=CVE-2018-18254
An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Un usuario sin privilegios puede leer la tabla cal_whitelist en la base de datos Custom App Launcher (CAL) y, potencialmente, obtener privilegios colocando un programa troyano en un nombre de ruta de la aplicación. • https://improsec.com/tech-blog/cam1 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2018-18255
https://notcve.org/view.php?id=CVE-2018-18255
An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Las aplicaciones de cliente de AccessManagerCoreService.exe se comunican con este servidor mediante tuberías nombradas. • https://improsec.com/tech-blog/cam1 • CWE-287: Improper Authentication •
CVE-2018-17948
https://notcve.org/view.php?id=CVE-2018-17948
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Existe una vulnerabilidad de redirección abierta en Access Manager Identity Provider en versiones anteriores a la 4.4 SP3. • https://support.microfocus.com/kb/doc.php?id=7023530 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2018-10197 – ELO (Elektronischer Leitz-Ordner) 9 / 10 SQL Injection
https://notcve.org/view.php?id=CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the "userdata" table from the "eloam" database. Hay una vulnerabilidad de inyección SQL ciega basada en tiempo en el componente Access Manager en versiones anteriores a la 9.18.040 y las versiones 10.x anteriores a la 10.18.040 en ELO ELOenterprise 9 y 10 y ELOprofessional 9 y 10 que posibilita leer todo el contenido de la base de datos. La vulnerabilidad existe en el parámetro HTTP GET ticket. • http://seclists.org/fulldisclosure/2018/Jul/29 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-14801 – Reflected xss in Admin Console REST interface
https://notcve.org/view.php?id=CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, permitía que atacantes reflejasen XSS en la página llamada empleando el parámetro url. • https://www.novell.com/support/kb/doc.php?id=7022357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •