CVE-2018-7678 – XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
https://notcve.org/view.php?id=CVE-2018-7678
A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. • http://www.securityfocus.com/bid/103421 https://www.netiq.com/support/kb/doc.php?id=7022724 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7677 – CSRF in NetIQ Access Manager (NAM) Identity Server component
https://notcve.org/view.php?id=CVE-2018-7677
A CSRF exposure exists in the Identity Server component of NetIQ Access Manager (NAM) 4.4. • http://www.securityfocus.com/bid/103420 https://www.netiq.com/support/kb/doc.php?id=7022725 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-1342 – Novell NetIQ Access Manager FwRequest Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-1342
A vulnerability exists in the Admin Console where an attacker can upload files to the Admin Console server and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Access Manager. • https://www.novell.com/support/kb/doc.php?id=7022444 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2017-14803 – Novell NetIQ Access Manager OspUIBasicSSODownload Servlet fileInfo1 Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-14803
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11, where an attacker can execute arbitrary code on the system. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadBasicSSOServlet servlet. When parsing the fileInfo1 parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://www.novell.com/support/kb/doc.php?id=7022443