
CVE-2018-7678 – XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
https://notcve.org/view.php?id=CVE-2018-7678
14 Mar 2018 — A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. • http://www.securityfocus.com/bid/103421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14801 – Reflected XSS in Admin Console REST interface
https://notcve.org/view.php?id=CVE-2017-14801
02 Mar 2018 — Reflected XSS in NetIQ Access Manager before 4.3.3 allowed attackers to reflect XSS back into the called page using the url parameter. • https://www.novell.com/support/kb/doc.php?id=7022357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14802 – Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
https://notcve.org/view.php?id=CVE-2017-14802
02 Mar 2018 — Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third-party sites. • https://www.novell.com/support/kb/doc.php?id=7022360 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2017-7419 – NetIQ Access Manager OAuth Consent screen XSS attack
https://notcve.org/view.php?id=CVE-2017-7419
02 Mar 2018 — An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross-site scripting attacks due to an unescaped "description" field that could be specified by the provider. • https://bugzilla.suse.com/show_bug.cgi?id=1031853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-9276 – XSS Vulnerability in iManager
https://notcve.org/view.php?id=CVE-2017-9276
02 Mar 2018 — Novell Access Manager iManager before 4.3.3 did not validate parameters, so cross-site scripting content could be reflected back into the result page using the "a" parameter. • https://www.novell.com/support/kb/doc.php?id=7022359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14799 – XSS Vulnerability with ESP URL
https://notcve.org/view.php?id=CVE-2017-14799
01 Mar 2018 — A cross-site scripting attack in the handling of the ESP login parameter in NetIQ Access Manager before 4.3.3 could be used to inject JavaScript code into the login page. • https://www.novell.com/support/kb/doc.php?id=7022358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14800 – Reflected XSS on Access Manager iManager UI
https://notcve.org/view.php?id=CVE-2017-14800
01 Mar 2018 — A reflected cross-site scripting attack in NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users. • https://www.novell.com/support/kb/doc.php?id=7022356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-1342 – Novell NetIQ Access Manager FwRequest Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-1342
26 Jan 2018 — A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. This vulnerability allows remote att... • https://www.novell.com/support/kb/doc.php?id=7022444 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2017-14803 – Novell NetIQ Access Manager OspUIBasicSSODownload Servlet fileInfo1 Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-14803
19 Jan 2018 — In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. This vulnerability allows remote attackers to disclose sensitive in... • https://www.novell.com/support/kb/doc.php?id=7022443

CVE-2017-5191
https://notcve.org/view.php?id=CVE-2017-5191
24 Apr 2017 — An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. • http://www.securityfocus.com/bid/98093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')