CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9280 – Novell Identity Manager User Application get request url contains the session token.
https://notcve.org/view.php?id=CVE-2017-9280
02 Mar 2018 — Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. Algunas versiones de NetIQ Identity Manager Applications anteriores a la Identity Manager 4.5.6.1 incluían el token de sesión en las URL GET. Esto podría permitir se expongan sesiones de usuario a terceros mediante proxies, url de referencia o similares. • https://bugzilla.suse.com/show_bug.cgi?id=1049143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7426 – iManager - XML External Entity vulnerabilities
https://notcve.org/view.php?id=CVE-2017-7426
01 Mar 2018 — The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. NetIQ Identity Manager Plugins, en versiones anteriores a la 4.6.1, contenía varios errores de gestión de XEE (XML External Entity) que podrían ser empleados por atacantes para filtrar información o provocar ataques de denegación de servicio (DoS). • https://www.novell.com/support/kb/doc.php?id=7021173 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9272
https://notcve.org/view.php?id=CVE-2017-9272
06 Oct 2017 — The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. El controlador bidireccional en IDM 4.5 en versiones anteriores a la 4.0.3.0 podría ser susceptible a un ataque de denegación de servicio (DoS). • https://download.microfocus.com/Download?buildid=SRL-_pc5pR8 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9273
https://notcve.org/view.php?id=CVE-2017-9273
06 Oct 2017 — The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. El controlador bidireccional en IDM 4.5 en versiones anteriores a la 4.0.3.0 podría ser susceptible a cambios de la configuración del registro sin autorización. • https://download.microfocus.com/Download?buildid=SRL-_pc5pR8 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5334 – VMware Security Advisory 2016-0021
https://notcve.org/view.php?id=CVE-2016-5334
24 Nov 2016 — VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7.1 y vRealize Automation 7.x en versiones anteriores a 7.2.0 permite a atacantes remotos leer archivos /SAAS/WEB-INF y /SAAS/META-INF a través de vectores no especificados. VMware product updates address partial information disclosure vulnerability. • http://www.securityfocus.com/bid/94482 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0787
https://notcve.org/view.php?id=CVE-2015-0787
27 Oct 2016 — XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1592
https://notcve.org/view.php?id=CVE-2016-1592
27 Oct 2016 — XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1598
https://notcve.org/view.php?id=CVE-2016-1598
27 Oct 2016 — XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. XSS en NetIQ IDM 4.5 Identity Applications en versiones anteriores a 4.5.4 permite a los atacantes capaces de cambiar su nombre de usuario inyectar un código HTML arbitrario dentro de las páginas HTML de administrador Role Assignment. • http://www.securityfocus.com/bid/93833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5335 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5335
24 Aug 2016 — VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92608 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4509
https://notcve.org/view.php?id=CVE-2014-4509
21 Jun 2014 — The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters. La función MKDQUOTESAFE en la secuencias de comandos del controlador Fan-out en Fan-Out Platform Services en Novell Identity Manager (también conocido como IDM) 4.0.2 permite a usuarios locales ejecutar comandos arbitrarios mediante el aprovechamiento de... • http://download.novell.com/Download?buildid=5XLmBl54_Rg~ •