CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5755
https://notcve.org/view.php?id=CVE-2016-5755
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. NetIQ Access Manager 4.1 en versiones anteriores a 4.1.2 Hot Fix 1 y 4.2 en versiones anteriores a 4.2.2 era vulnerable a ataques de clickjacking debido a un filtro SAMEORIGIN perdido en la configuración "high encryption". • https://www.novell.com/support/kb/doc.php?id=7017812 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5757
https://notcve.org/view.php?id=CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. iManager Admin Console en NetIQ Access Manager 4.1 en versiones anteriores a 4.1.2 Hot Fix 1 y 4.2 en versiones anteriores a 4.2.2 era vulnerable a ataques de manipulación de iFrame, lo que podría permitir a usuarios remotos obtener acceso a las credenciales de autenticación. • https://www.novell.com/support/kb/doc.php?id=7017818 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-5750
https://notcve.org/view.php?id=CVE-2016-5750
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. La función de carga de certificados en iManager en NetIQ Access Manager 4.1 en versiones anteriores a 4.1.2 Hot Fix 1 y 4.2 en versiones anteriores a 4.2.2 podría utilizarse para cargar páginas JSP que se ejecutarían como usuario iManager, permitiendo la ejecución de código por usuarios remotos conectados. • https://www.novell.com/support/kb/doc.php?id=7017807 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 5CVE-2014-9412 – NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9412
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. Los dispositivos Cisco-Meraki MS, MR y MX con firmware anrerior a 2014-09-24 permiten a atacantes remotos obtener información sensible de credenciales aprovechando un manejador de acceso HTTP no especificado em ña red local, también conocido como Cisco-Meraki defect ID 00302012. • https://www.exploit-db.com/exploits/35594 http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015994 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 6CVE-2014-5216 – NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5216
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. Múltiples vulnerabilidades XSS en NetIQ Access Manager (NAM) 4.x anterior a 4.0.1 HF3 permite a atacantes remotos inyectar scripts arbitrarios o HTML mediante (1) el parámetro de ubicación en una acción dev.Empty hacia nps/servlet/webacc, (2) el parámetro error hacia nidp/jsp/x509err.jsp, (3) el parámetro lang hacia sslvpn/applet_agent.jsp o (4) el parámetro secureLoggingServersA hacia roma/system/cntl, un problema distinto de CVE-2014-9412. NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/35594 http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015994 https://www.novell.com/support/kb/doc.php?id=7015996 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •