
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1. • https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Novell NetIQ Access Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of information in a shared memory section by the dhost service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. • https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. • https://www.novell.com/support/kb/doc.php?id=7023223 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 4% • CPEs: 1 • EXPL: 1

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used the GWAVA product name (i.e. GWAVA 6.5). • https://www.exploit-db.com/exploits/45083 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway https://support.microfocus.com/kb/doc.php?id=7023133 https://support.microfocus.com/kb/doc.php?id=7023132 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 6% • CPEs: 1 • EXPL: 1

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). • https://www.exploit-db.com/exploits/45083 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway https://support.microfocus.com/kb/doc.php?id=7023132 https://support.microfocus.com/kb/doc.php?id=7023133 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')