
CVE-2016-5757
https://notcve.org/view.php?id=CVE-2016-5757
23 Mar 2017 — iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. • https://www.novell.com/support/kb/doc.php?id=7017818 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2016-5758
https://notcve.org/view.php?id=CVE-2016-5758
23 Mar 2017 — A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. • http://www.securityfocus.com/bid/97035 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2014-9412 – NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9412
19 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging a handler ... • https://packetstorm.news/files/id/129658 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-5214 – NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
https://notcve.org/view.php?id=CVE-2014-5214
19 Dec 2014 — nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. • https://packetstorm.news/files/id/129658 •

CVE-2014-5215 – NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
https://notcve.org/view.php?id=CVE-2014-5215
19 Dec 2014 — NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp. NetIQ Access Manager version 4.0 SP1... • https://packetstorm.news/files/id/129658 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2014-5216 – NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5216
19 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. • https://packetstorm.news/files/id/129658 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-5217 – NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
https://notcve.org/view.php?id=CVE-2014-5217
19 Dec 2014 — Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action. • https://packetstorm.news/files/id/129658 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2010-0284 – Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0284
18 Jun 2010 — Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. • http://secunia.com/advisories/40198 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2009-4878
https://notcve.org/view.php?id=CVE-2009-4878
26 May 2010 — Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. • http://secunia.com/advisories/35898 •

CVE-2009-4879
https://notcve.org/view.php?id=CVE-2009-4879
26 May 2010 — The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. • http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html • CWE-287: Improper Authentication •