CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7426 – iManager - XML External Entity vulnerabilities
https://notcve.org/view.php?id=CVE-2017-7426
01 Mar 2018 — The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. NetIQ Identity Manager Plugins, en versiones anteriores a la 4.6.1, contenía varios errores de gestión de XEE (XML External Entity) que podrían ser empleados por atacantes para filtrar información o provocar ataques de denegación de servicio (DoS). • https://www.novell.com/support/kb/doc.php?id=7021173 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5334 – VMware Security Advisory 2016-0021
https://notcve.org/view.php?id=CVE-2016-5334
24 Nov 2016 — VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7.1 y vRealize Automation 7.x en versiones anteriores a 7.2.0 permite a atacantes remotos leer archivos /SAAS/WEB-INF y /SAAS/META-INF a través de vectores no especificados. VMware product updates address partial information disclosure vulnerability. • http://www.securityfocus.com/bid/94482 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0787
https://notcve.org/view.php?id=CVE-2015-0787
27 Oct 2016 — XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1592
https://notcve.org/view.php?id=CVE-2016-1592
27 Oct 2016 — XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5335 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5335
24 Aug 2016 — VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92608 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4526
https://notcve.org/view.php?id=CVE-2007-4526
25 Aug 2007 — The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. La Client Login Extension (CLE) de Novell Identity Manager versiones anteriores a 3.5.1 20070730 almacena nombre de usuario y contraseña en un fichero local, lo cual permite a usuarios locales obtener información confidencial leyendo este fichero. • http://osvdb.org/37320 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4803
https://notcve.org/view.php?id=CVE-2006-4803
14 Sep 2006 — The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." La secuencia de comandos del receptor de fan-out de linux y UNIX permite a un usuario local ejecutar comandos de su elección a través de vectores sin especificar que implican ciertas varibles de entorno e "inyecciòn de código". • http://secunia.com/advisories/21888 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2006-4506
https://notcve.org/view.php?id=CVE-2006-4506
31 Aug 2006 — idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection. idmlib.sh en nxdrv en Novell Identity Manager (IDM) 3.0.1 permite a usuarios locales ejecutar órdenes de su elección mediante vectores no especificados, posiblemente implicando los caractéres " (comillas) y \ (contrabarra) en una inyección de 'eval'. • http://securitytracker.com/id?1016741 •