CVE-2021-22496
https://notcve.org/view.php?id=CVE-2021-22496
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. Una vulnerabilidad de Omisión de Autenticación en Micro Focus Access Manager Product afecta a todas las versiones anteriores a 4.5.3.3. La vulnerabilidad podría causar una filtración de información • https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html • CWE-287: Improper Authentication •
CVE-2018-17948
https://notcve.org/view.php?id=CVE-2018-17948
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Existe una vulnerabilidad de redirección abierta en Access Manager Identity Provider en versiones anteriores a la 4.4 SP3. • https://support.microfocus.com/kb/doc.php?id=7023530 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2018-12480 – NetIQ Access Manager XSS vulnerability in versions prior to 4.4 SP3
https://notcve.org/view.php?id=CVE-2018-12480
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. Mitiga un problema de Cross-Site Scripting (XSS) en NetIQ Access Manager en versiones anteriores a la 4.4 SP3. • https://support.microfocus.com/kb/doc.php?id=7023513 https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-9412 – NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9412
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anrerior a 2014-09-24 permiten a atacantes remotos obtener información sensible de credenciales aprovechando un manejador de acceso HTTP no especificado em ña red local, también conocido como Cisco-Meraki defect ID 00302012. • https://www.exploit-db.com/exploits/35594 http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015994 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-5216 – NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5216
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. Múltiples vulnerabilidades XSS en NetIQ Access Manager (NAM) 4.x anterior a 4.0.1 HF3 permite a atacantes remotos inyectar scripts arbitrarios o HTML mediante (1) el parámetro de ubicación en una acción dev.Empty hacia nps/servlet/webacc, (2) el parámetro error hacia nidp/jsp/x509err.jsp, (3) el parámetro lang hacia sslvpn/applet_agent.jsp o (4) el parámetro secureLoggingServersA hacia roma/system/cntl, un problema distinto de CVE-2014-9412. NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/35594 http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015994 https://www.novell.com/support/kb/doc.php?id=7015996 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •