CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38758 – XSS vulnerabilities in iManager
https://notcve.org/view.php?id=CVE-2022-38758
25 Jan 2023 — Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL. Vulnerabilidad de cross site scripting (XSS) en NetIQ iManager anterior a la versión 3.2.6 permite a un atacante ejecutar scripts maliciosos en el navegador del usuario. Este problema afecta a: Micro Focus NetIQ iManager Versiones de NetIQ iManager anteriores a la 3.2... • https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17949
https://notcve.org/view.php?id=CVE-2018-17949
12 Dec 2018 — Cross site scripting vulnerability in iManager prior to 3.1 SP2. Vulnerabilidad Cross-Site Scripting (XSS) en iManager en versiones anteriores a la 3.1 SP2. • https://www.netiq.com/documentation/imanager-31/imanager312_releasenotes/data/imanager312_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1345 – iManager elevation of privilege
https://notcve.org/view.php?id=CVE-2018-1345
21 Mar 2018 — NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. NetIQ iManager, en versiones anteriores a la 3.1, podría ser susceptible bajo ciertas circunstancias a un ataque de elevación de privilegios. • https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1347 – NetIQ iManager, versions prior to 3.1, reflected XSS issue
https://notcve.org/view.php?id=CVE-2018-1347
21 Mar 2018 — The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. La interfaz web administrativa en NetIQ iManager, en versiones anteriores a la 3.1, es vulnerable a Cross-Site Scripting (XSS) reflejado. • http://www.securityfocus.com/bid/103492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1344 – NetIQ iManager Communication Downgrade Attack
https://notcve.org/view.php?id=CVE-2018-1344
21 Mar 2018 — Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 Se trata de un potencial ataque de degradación de comunicaciones en NetIQ iManager, en versiones anteriores a la 3.1. • https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-5189 – private SSL key embedded in JAR file in iManager
https://notcve.org/view.php?id=CVE-2017-5189
02 Mar 2018 — NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance. NetIQ iManager, en versiones anteriores a la 3.0.3, entregaba una clave privada SSL en una aplicación Java (archivo JAR) para autenticación en Sentinel, lo que permite que atacantes remotos extraigan y establezcan sus propias conexiones en la aplicación de Sentinel. • https://bugzilla.suse.com/show_bug.cgi?id=1021637 • CWE-287: Improper Authentication CWE-522: Insufficiently Protected Credentials •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7425 – Multiple Reflected XSS in iManager
https://notcve.org/view.php?id=CVE-2017-7425
06 Nov 2017 — Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Existen múltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2. • https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7428
https://notcve.org/view.php?id=CVE-2017-7428
03 May 2017 — NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. NetIQ iManager 3.x antes de 3.0.3.1 tiene un problema en la renegociación de los parámetros de conexión con Tomcat. • https://bugzilla.novell.com/show_bug.cgi?id=1029431 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7431
https://notcve.org/view.php?id=CVE-2017-7431
03 May 2017 — Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. Novell iManager 2.7.x antes 2.7 SP7 Patch 10 HF1 y NetIQ iManager 3.x antes 3.0.3.1 tienen un CSRF persistente en la gestión de objetos. • https://bugzilla.novell.com/show_bug.cgi?id=1024963 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0CVE-2017-7430
https://notcve.org/view.php?id=CVE-2017-7430
03 May 2017 — Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. Novell iManager en versiones 2.7.x anteriores a la 2.7 SP7 Patch 10 HF1 y NetIQ iManager versiones 3.x anteriores a la 3.0.3.1 presentan una vulnerabilidad de XSS persistente en el Framework. • https://bugzilla.novell.com/show_bug.cgi?id=1024959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •