
CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
• http://www.securityfocus.com/bid/98093
• https://www.novell.com/support/kb/doc.php?id=7018793
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
• https://www.novell.com/support/kb/doc.php?id=7018509
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.
• http://www.securityfocus.com/bid/97965
• http://www.securitytracker.com/id/1038338
• https://www.novell.com/support/kb/doc.php?id=7018792
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
• https://www.novell.com/support/kb/doc.php?id=7017812
• CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
• https://www.novell.com/support/kb/doc.php?id=7017807
• CWE-284: Improper Access Control