CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1346 – NetIQ eDirectory Denial of Service
https://notcve.org/view.php?id=CVE-2018-1346
21 Mar 2018 — Addresses denial of service attack to eDirectory versions prior to 9.1. Se trata de un ataque de denegación de servicio (DoS) en eDirectory, en versiones anteriores a la 9.1. • http://www.securityfocus.com/bid/103493 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1347 – NetIQ iManager, versions prior to 3.1, reflected XSS issue
https://notcve.org/view.php?id=CVE-2018-1347
21 Mar 2018 — The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. La interfaz web administrativa en NetIQ iManager, en versiones anteriores a la 3.1, es vulnerable a Cross-Site Scripting (XSS) reflejado. • http://www.securityfocus.com/bid/103492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7677 – CSRF in NetIQ Access Manager (NAM) Identity Server component
https://notcve.org/view.php?id=CVE-2018-7677
14 Mar 2018 — A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. Existe exposición CSRF en NetIQ Access Manager (NAM) 4.4, en el componente Identity Server. • http://www.securityfocus.com/bid/103420 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7678 – XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
https://notcve.org/view.php?id=CVE-2018-7678
14 Mar 2018 — A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la consola de administración en NetIQ Access Manager (NAM) , versiones 4.3 y 4.4. • http://www.securityfocus.com/bid/103421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1343
https://notcve.org/view.php?id=CVE-2018-1343
06 Mar 2018 — PAM exposure enabling unauthenticated access to remote host La exposición de PAM permite el acceso no autenticado al host remoto. • https://www.netiq.com/documentation/privileged-account-manager-3/npam3104-release-notes/data/npam3104-release-notes.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7427 – iManager - Multiple Reflected Cross-Site Scripting attacks
https://notcve.org/view.php?id=CVE-2017-7427
05 Mar 2018 — Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins. Se han encontrado múltiples ataques de Cross-Site Scripting (XSS) en el plugin Identit... • https://bugzilla.suse.com/show_bug.cgi?id=1033828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7437 – Cross site scripting attacks against NetIQ Privileged Account Manager
https://notcve.org/view.php?id=CVE-2017-7437
05 Mar 2018 — NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. NetIQ Privileged Account Manager, en versiones anteriores a 3.1 Patch Update 3, permitía ataques de Cross-Site Scripting (XSS) mediante los parámetros "type" y "account" de peticiones json. • https://bugzilla.suse.com/show_bug.cgi?id=1001069 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-5189 – private SSL key embedded in JAR file in iManager
https://notcve.org/view.php?id=CVE-2017-5189
02 Mar 2018 — NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. NetIQ iManager, en versiones anteriores a la 3.0.3, entregaba una clave privada SSL en una aplicación Java (archivo JAR) para autenticación en Sentinel, lo que permite que atacantes remotos extraigan y establezcan sus propias conexiones en la aplicación de Sentinel. • https://bugzilla.suse.com/show_bug.cgi?id=1021637 • CWE-287: Improper Authentication CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14801 – Reflected xss in Admin Console REST interface
https://notcve.org/view.php?id=CVE-2017-14801
02 Mar 2018 — Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, permitía que atacantes reflejasen XSS en la página llamada empleando el parámetro url. • https://www.novell.com/support/kb/doc.php?id=7022357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14802 – Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
https://notcve.org/view.php?id=CVE-2017-14802
02 Mar 2018 — Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. Los servidores Novell Access Manager Admin Console y IDP en versiones anteriores a la 4.3.3 tienen una URL que podría ser empleada por atacantes remotos para desencadenar redirecciones sin validar a sitios de terceros. • https://www.novell.com/support/kb/doc.php?id=7022360 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •