CVE-2017-7425 – Multiple Reflected XSS in iManager
https://notcve.org/view.php?id=CVE-2017-7425
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Existen múltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2. • https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html https://www.netiq.com/documentation/imanager/imanager27710hf2readme/data/imanager27710hf2readme.html https://www.novell.com/support/kb/doc.php?id=7016795 https://www.novell.com/support/kb/doc.php?id=7021423 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un certificado para comunicaciones. • https://bugzilla.novell.com/show_bug.cgi?id=1019041 https://bugzilla.novell.com/show_bug.cgi?id=1019789 https://bugzilla.novell.com/show_bug.cgi?id=988749 https://www.novell.com/support/kb/doc.php?id=3426981 https://www.novell.com/support/kb/doc.php? • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2013-1088
https://notcve.org/view.php?id=CVE-2013-1088
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en iManager de Novell versión 2.7 anterior a SP6 Parche 1, permite a los atacantes remotos secuestrar la autenticación de usuarios arbitrarios mediante el aprovechamiento de la comprobación incorrecta de peticiones para código desplegado de iManager dentro de un contenedor Apache Tomcat. • http://www.novell.com/support/kb/doc.php?id=7010166 https://bugzilla.novell.com/show_bug.cgi?id=726260 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-3268
https://notcve.org/view.php?id=CVE-2013-3268
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. Novell iManager v2.7 antes del parche SP6 1 no se actualiza un identificador después de una acción de cierre de sesión, que tiene un impacto no especificado y vectores de ataque a distancia. • http://www.novell.com/support/kb/doc.php?id=7010166 http://www.securityfocus.com/bid/59450 https://bugzilla.novell.com/show_bug.cgi?id=807429 https://exchange.xforce.ibmcloud.com/vulnerabilities/83761 • CWE-287: Improper Authentication •
CVE-2011-4188
https://notcve.org/view.php?id=CVE-2011-4188
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. Desbordamiento de búfer en la función "Create Attribute" de JClient en Novell iManager v2.7.4 antes del parche 4 permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un parámetro EnteredAttrName modificado a mano. Se trata de un problema relacionado con CVE-2010-1929. • http://secunia.com/advisories/48672 http://www.novell.com/support/viewContent.do?externalId=7002971 http://www.securitytracker.com/id?1026894 https://exchange.xforce.ibmcloud.com/vulnerabilities/74669 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •