Page 2 of 11 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. NetIQ iManager, en versiones anteriores a la 3.0.3, entregaba una clave privada SSL en una aplicación Java (archivo JAR) para autenticación en Sentinel, lo que permite que atacantes remotos extraigan y establezcan sus propias conexiones en la aplicación de Sentinel. • https://bugzilla.suse.com/show_bug.cgi?id=1021637 https://www.netiq.com/support/kb/doc.php?id=7016795 • CWE-287: Improper Authentication CWE-522: Insufficiently Protected Credentials •

CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0

Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Existen múltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2. • https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html https://www.novell.com/support/kb/doc.php?id=7016795 https://www.novell.com/support/kb/doc.php?id=7021423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Novell iManager en versiones 2.7.x anteriores a la 2.7 SP7 Patch 10 HF1 y NetIQ iManager versiones 3.x anteriores a la 3.0.3.1 presentan una vulnerabilidad de XSS persistente en el Framework. • https://bugzilla.novell.com/show_bug.cgi?id=1024959 https://bugzilla.novell.com/show_bug.cgi?id=1030691 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen una vulnerabilidad de carga de webshell. • https://bugzilla.novell.com/show_bug.cgi?id=1027619 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php?id=7016795 https://www.novell.com/support/kb/doc.php? •

CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen un CSRF persistente en la gestión de objetos. • https://bugzilla.novell.com/show_bug.cgi?id=1024963 https://bugzilla.novell.com/show_bug.cgi?id=1030692 https://dl.netiq.com/Download?buildid=24FxpmqdThE~ https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~ https://www.netiq.com/support/kb/doc.php? • CWE-352: Cross-Site Request Forgery (CSRF) •