CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5191
https://notcve.org/view.php?id=CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. Existe una vulnerabilidad de XSS en el URI /NAGErrors en NetIQ Access Manager 4.2 y 4.3 porque las páginas de Access Gateway Error no validan el encabezado HTTP Referer. • http://www.securityfocus.com/bid/98093 https://www.novell.com/support/kb/doc.php?id=7018793 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5183
https://notcve.org/view.php?id=CVE-2017-5183
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. NetIQ Access Manager 4.2.2 y 4.3.x en versiones anteriores a 4.3.1+, cuando está configurado como Identity Server, tiene XSS en el campo AssertionConsumerServiceURL de un AuthnRequest firmado en un documento samlp: AuthnRequest. • https://www.novell.com/support/kb/doc.php?id=7018509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5190
https://notcve.org/view.php?id=CVE-2017-5190
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. NetIQ Access Manager 4.2 en versiones anteriores a SP3 HF1 y 4.3 en versiones anteriores a SP1 HF1 cuando está configurado como un SAML 2.0 Identity Server con Virtual Attributes, tiene un problema de concurrencia causando la fuga de información, relacionado con un perfil obsoleto. • http://www.securityfocus.com/bid/97965 http://www.securitytracker.com/id/1038338 https://www.novell.com/support/kb/doc.php?id=7018792 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5755
https://notcve.org/view.php?id=CVE-2016-5755
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. NetIQ Access Manager 4.1 en versiones anteriores a 4.1.2 Hot Fix 1 y 4.2 en versiones anteriores a 4.2.2 era vulnerable a ataques de clickjacking debido a un filtro SAMEORIGIN perdido en la configuración "high encryption". • https://www.novell.com/support/kb/doc.php?id=7017812 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5756
https://notcve.org/view.php?id=CVE-2016-5756
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. Múltiples componentes de la herramientas web en NetIQ Access Manager 4.1 en versiones anteriores a 4.1.2 Hot Fix 1 y 4.2 en versiones anteriores a 4.2.2 eran vulnerables a ataques de XSS reflejados los cuales podían ser empleados para secuestrar la sesiones del usuario: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp y roma/jsp/volsc/monitoring/graph.jsp. • https://www.novell.com/support/kb/doc.php?id=7017813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •