CVE-2017-7438 – DOM cross site scripting attack against NetIQ Privileged Account Manager
https://notcve.org/view.php?id=CVE-2017-7438
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting via JavaScript DOM modification using the supplied cookie parameter: page script read the cookie value and wrote it into the DOM without encoding, so an attacker who can set or inject that cookie can run script in the victim's session.
References: https://bugzilla.suse.com/show_bug.cgi?id=1001355 https://www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9279 – NetIQ Identity Manager allowed uploading of user icons with incorrect types or extensions
https://notcve.org/view.php?id=CVE-2017-9279
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content through the Themes handling of the User Application Administration. A malicious user administrator could use this to potentially execute code on the server or to mislead users with content served in place of a theme image.
References: https://bugzilla.suse.com/show_bug.cgi?id=1049129 https://download.novell.com/Download?buildid=K7lbPAGJyIk~
CWE-20: Improper Input Validation; CWE-434: Unrestricted Upload of File with Dangerous Type
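The fix class for CWE-434 is an allow-list check at the upload handler. The following is an added example (not NetIQ's code) of such a check for icon uploads: it rejects the two conditions the advisory names, a double extension such as icon.png.jsp and non-image bytes behind an image extension. The accepted types, the signature table and the sample file names and contents are constructed for the demonstration.

```javascript
// Added example (not NetIQ code): allow-list validation for image uploads
// that rejects double extensions and content that does not match the
// declared image type. Accepted types and sample data are constructed.

// Leading bytes of the image formats an icon upload should accept.
const IMAGE_SIGNATURES = {
  png: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]),
  gif: Buffer.from('GIF8', 'latin1'),
  jpg: Buffer.from([0xff, 0xd8, 0xff]),
};

// Map declared extensions onto the signature table ("jpeg" and "JPG" -> "jpg").
const EXTENSION_ALIASES = { jpeg: 'jpg', jpg: 'jpg', png: 'png', gif: 'gif' };

// Returns { ok: true, type } for an acceptable icon, else { ok: false, reason }.
function validateIconUpload(fileName, content) {
  // Drop any path component the client sent ("../icon.png" -> "icon.png").
  const base = String(fileName).split(/[\\/]/).pop();
  const parts = base.split('.');
  // "icon.png.jsp" splits into three parts, "icon.png" into two. Anything
  // other than name.ext with a non-empty name is refused outright.
  if (parts.length !== 2 || parts[0].length === 0) {
    return { ok: false, reason: 'file name must be name.ext with a single extension' };
  }
  const type = EXTENSION_ALIASES[parts[1].toLowerCase()];
  if (!type) {
    return { ok: false, reason: `extension .${parts[1]} is not an allowed image type` };
  }
  // The declared type must match the bytes: a ".png" holding JSP fails here.
  const sig = IMAGE_SIGNATURES[type];
  if (content.length < sig.length || !content.subarray(0, sig.length).equals(sig)) {
    return { ok: false, reason: `content does not match the ${type} signature` };
  }
  return { ok: true, type };
}
```

Checking the magic bytes against the declared extension, rather than trusting the client's Content-Type, is what closes the "non-image content" half of the advisory; the single-extension rule closes the double-extension half regardless of how the web container maps file suffixes to handlers.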
CVE-2017-14801 – Reflected XSS in Admin Console REST interface
https://notcve.org/view.php?id=CVE-2017-14801
NetIQ Access Manager before 4.3.3 was vulnerable to reflected XSS: attacker-supplied content in the url parameter was reflected back into the called page without encoding.
References: https://www.novell.com/support/kb/doc.php?id=7022357
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14802 – Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
https://notcve.org/view.php?id=CVE-2017-14802
Novell Access Manager Admin Console and IDP servers before 4.3.3 exposed a URL that remote attackers could use to trigger unvalidated redirects to third-party sites, for example to send a user who believes they are finishing a login to an attacker-controlled page.
References: https://www.novell.com/support/kb/doc.php?id=7022360
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
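The usual fix for CWE-601 in an identity provider is to resolve the requested return URL and allow the redirect only when it lands on the deployment's own origin or an explicitly trusted one. The following is an added example (not Novell's or NetIQ's code) of that check; the origins, host names and test inputs are constructed. It also covers the bypasses a practitioner would test for: protocol-relative //host targets, javascript: targets, credentials in the authority (trusted@evil) and backslash variants that browsers treat as slashes.

```javascript
// Added example (not Novell/NetIQ code): validate a "return to" target before
// issuing a redirect. Origins below are constructed for the demonstration.

const SELF_ORIGIN = 'https://idp.example.com';
// Origins a login flow may legitimately hand users back to (assumed list).
const TRUSTED_ORIGINS = new Set([SELF_ORIGIN, 'https://portal.example.com']);

// Returns the absolute URL to redirect to, or null when the target is refused.
function safeRedirectTarget(rawTarget) {
  if (typeof rawTarget !== 'string' || rawTarget.length === 0) return null;
  // Browsers treat "\" like "/" ("/\evil.example.org" becomes a new host), so
  // reject backslashes up front instead of reasoning about the parser's view.
  if (rawTarget.includes('\\')) return null;
  let url;
  try {
    // Relative targets resolve against our own origin; absolute targets,
    // including protocol-relative "//evil.example.org", keep their own host.
    url = new URL(rawTarget, SELF_ORIGIN);
  } catch {
    return null;
  }
  // Refuse javascript:, data:, http: and anything else that is not HTTPS.
  if (url.protocol !== 'https:') return null;
  // url.origin is scheme + host + port, so "https://idp.example.com@evil..."
  // and "https://idp.example.com.evil..." both fail this comparison.
  if (!TRUSTED_ORIGINS.has(url.origin)) return null;
  // Never forward credentials that were embedded in the target.
  url.username = '';
  url.password = '';
  return url.href;
}
```

Comparing the parsed origin against an allow-list, rather than checking that the raw string starts with or contains the expected host name, is the point: prefix and substring checks are exactly what the authority and subdomain tricks above defeat.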
CVE-2017-9276 – XSS Vulnerability in iManager
https://notcve.org/view.php?id=CVE-2017-9276
Novell Access Manager iManager before 4.3.3 did not validate request parameters, so cross-site scripting content supplied in the "a" parameter was reflected back into the result page.
References: https://www.novell.com/support/kb/doc.php?id=7022359
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
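Three of the entries above (CVE-2017-7438, CVE-2017-14801 and CVE-2017-9276) are the same CWE-79 defect with different sources: a cookie value, a url parameter and an "a" parameter written into a page without encoding. The following is an added example (not NetIQ's or Novell's code) showing the vulnerable concatenation beside the fixed form that encodes at the sink; the cookie name, parameter values and markup are constructed for the demonstration. In a browser the DOM-based variant is fixed the same way, by assigning element.textContent instead of element.innerHTML.

```javascript
// Added example (not NetIQ/Novell code): encode untrusted input at the HTML
// sink, whether it arrives in a cookie or in a reflected query parameter.
// Cookie name, parameter values and markup are constructed.

// Encode the five characters that let text escape an HTML text node or a
// double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Read one value out of a Cookie header. The value is still untrusted.
function readCookie(cookieHeader, name) {
  for (const pair of String(cookieHeader).split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 0) continue;
    if (pair.slice(0, idx).trim() === name) {
      const raw = pair.slice(idx + 1).trim();
      try { return decodeURIComponent(raw); } catch { return raw; }
    }
  }
  return null;
}

// Vulnerable pattern: the cookie value is concatenated straight into markup,
// so a cookie of  lang=<img src=x onerror=alert(1)>  executes script.
function renderUnsafe(cookieHeader) {
  const lang = readCookie(cookieHeader, 'lang') || 'en';
  return '<div class="lang">' + lang + '</div>';
}

// Fixed pattern: the same value, encoded where it meets the HTML.
function renderSafe(cookieHeader) {
  const lang = readCookie(cookieHeader, 'lang') || 'en';
  return '<div class="lang">' + escapeHtml(lang) + '</div>';
}

// Reflected parameter used as a link: encode it, and additionally restrict
// the href to http(s) so a javascript: value cannot become a clickable URL.
function renderLink(param) {
  const target = String(param);
  if (!/^https?:\/\//i.test(target)) return escapeHtml(target);
  return '<a href="' + escapeHtml(target) + '">' + escapeHtml(target) + '</a>';
}
```

Encoding belongs at the sink, not at the point of input, because the same value may be written into a text node, an attribute and a URL, and each context has its own escaping rules; the href check in renderLink is the extra step the attribute context needs.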