CVE-2018-12480 – NetIQ Access Manager XSS vulnerability in versions prior to 4.4 SP3
https://notcve.org/view.php?id=CVE-2018-12480
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
• https://support.microfocus.com/kb/doc.php?id=7023513
• https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-10197 – ELO (Elektronischer Leitz-Ordner) 9 / 10 SQL Injection
https://notcve.org/view.php?id=CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the "userdata" table from the "eloam" database.
• http://seclists.org/fulldisclosure/2018/Jul/29
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-7678 – XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
https://notcve.org/view.php?id=CVE-2018-7678
A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
• http://www.securityfocus.com/bid/103421
• https://www.netiq.com/support/kb/doc.php?id=7022724
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7677 – CSRF in NetIQ Access Manager (NAM) Identity Server component
https://notcve.org/view.php?id=CVE-2018-7677
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
• http://www.securityfocus.com/bid/103420
• https://www.netiq.com/support/kb/doc.php?id=7022725
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-7419 – NetIQ Access Manager OAuth Consent screen XSS attack
https://notcve.org/view.php?id=CVE-2017-7419
An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross-site scripting attacks due to an unescaped "description" field that could be specified by the provider.
• https://bugzilla.suse.com/show_bug.cgi?id=1031853
• https://www.novell.com/support/kb/doc.php?id=7019893
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')