CVE-2017-7434 – NetIQ Identity Manager JDBC driver could leak passwords in exception traces
https://notcve.org/view.php?id=CVE-2017-7434
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. En el controlador JDBC en NetIQ Identity Manager en versiones anteriores a la 4.6, el envío de configuraciones XML incorrectas podría resultar en que las contraseñas se registren en archivos de registro de excepciones. • https://bugzilla.suse.com/show_bug.cgi?id=1005907 https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2017-9279 – NetIQ Identity Manager allowed uploading of user icons with incorrect types or extensions
https://notcve.org/view.php?id=CVE-2017-9279
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. NetIQ Identity Manager, en versiones anteriores a la 4.5.6.1, permitía la subida de archivos con doble extensión o contenido sin imágenes en la manipulación de temas de User Application Administration. Esto permitía que usuarios administradores maliciosos ejecutasen código o confundiesen a los usuarios. • https://bugzilla.suse.com/show_bug.cgi?id=1049129 https://download.novell.com/Download?buildid=K7lbPAGJyIk~ • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2017-7426 – iManager - XML External Entity vulnerabilities
https://notcve.org/view.php?id=CVE-2017-7426
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. NetIQ Identity Manager Plugins, en versiones anteriores a la 4.6.1, contenía varios errores de gestión de XEE (XML External Entity) que podrían ser empleados por atacantes para filtrar información o provocar ataques de denegación de servicio (DoS). • https://www.novell.com/support/kb/doc.php?id=7021173 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-1592
https://notcve.org/view.php?id=CVE-2016-1592
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del CGI nrfEntitlementReport.do. • http://www.securityfocus.com/bid/93973 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0787
https://notcve.org/view.php?id=CVE-2015-0787
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. XSS en NetIQ Designer para Identity Manager en versiones anteriores a 4.5.3 permite a atacantes remotos inyectar un código HTML arbitrario a través del valor accessMgrDN del CGI forgotUser.do. • http://www.securityfocus.com/bid/93972 https://download.novell.com/Download?buildid=QgHXVOxv310~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •