CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9279 – NetIQ Identity Manager allowed uploading of user icons with incorrect types or extensions
https://notcve.org/view.php?id=CVE-2017-9279
02 Mar 2018 — NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. NetIQ Identity Manager, en versiones anteriores a la 4.5.6.1, permitía la subida de archivos con doble extensión o contenido sin imágenes en la manipulación de temas de User Application Administration. Esto permitía que usuarios administradores maliciosos ej... • https://bugzilla.suse.com/show_bug.cgi?id=1049129 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9280 – Novell Identity Manager User Application get request url contains the session token.
https://notcve.org/view.php?id=CVE-2017-9280
02 Mar 2018 — Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. Algunas versiones de NetIQ Identity Manager Applications anteriores a la Identity Manager 4.5.6.1 incluían el token de sesión en las URL GET. Esto podría permitir se expongan sesiones de usuario a terceros mediante proxies, url de referencia o similares. • https://bugzilla.suse.com/show_bug.cgi?id=1049143 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7426 – iManager - XML External Entity vulnerabilities
https://notcve.org/view.php?id=CVE-2017-7426
01 Mar 2018 — The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. NetIQ Identity Manager Plugins, en versiones anteriores a la 4.6.1, contenía varios errores de gestión de XEE (XML External Entity) que podrían ser empleados por atacantes para filtrar información o provocar ataques de denegación de servicio (DoS). • https://www.novell.com/support/kb/doc.php?id=7021173 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9272
https://notcve.org/view.php?id=CVE-2017-9272
06 Oct 2017 — The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. El controlador bidireccional en IDM 4.5 en versiones anteriores a la 4.0.3.0 podría ser susceptible a un ataque de denegación de servicio (DoS). • https://download.microfocus.com/Download?buildid=SRL-_pc5pR8 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-9273
https://notcve.org/view.php?id=CVE-2017-9273
06 Oct 2017 — The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. El controlador bidireccional en IDM 4.5 en versiones anteriores a la 4.0.3.0 podría ser susceptible a cambios de la configuración del registro sin autorización. • https://download.microfocus.com/Download?buildid=SRL-_pc5pR8 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5334 – VMware Security Advisory 2016-0021
https://notcve.org/view.php?id=CVE-2016-5334
24 Nov 2016 — VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7.1 y vRealize Automation 7.x en versiones anteriores a 7.2.0 permite a atacantes remotos leer archivos /SAAS/WEB-INF y /SAAS/META-INF a través de vectores no especificados. VMware product updates address partial information disclosure vulnerability. • http://www.securityfocus.com/bid/94482 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0787
https://notcve.org/view.php?id=CVE-2015-0787
27 Oct 2016 — XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1592
https://notcve.org/view.php?id=CVE-2016-1592
27 Oct 2016 — XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1598
https://notcve.org/view.php?id=CVE-2016-1598
27 Oct 2016 — XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. XSS en NetIQ IDM 4.5 Identity Applications en versiones anteriores a 4.5.4 permite a los atacantes capaces de cambiar su nombre de usuario inyectar un código HTML arbitrario dentro de las páginas HTML de administrador Role Assignment. • http://www.securityfocus.com/bid/93833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5335 – VMware Security Advisory 2016-0013
https://notcve.org/view.php?id=CVE-2016-5335
24 Aug 2016 — VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. VMware Identity Manager 2.x en versiones anteriores a 2.7 y vRealize Automation 7.0.x en versiones anteriores a 7.1 permiten a usuarios locales obtener acceso root a través de vectores no especificados. VMware Identity Manager and vRealize Automation updates address multiple security issues. • http://www.securityfocus.com/bid/92608 •