CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4554 – Multiple xss vulnerability in NetIQ Access Manager
https://notcve.org/view.php?id=CVE-2024-4554
28 Aug 2024 — Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4555 – User impersonation with MFA when configure in specific way
https://notcve.org/view.php?id=CVE-2024-4555
28 Aug 2024 — Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4556 – Directory traversal vulnerability in NetIQ Access Manager
https://notcve.org/view.php?id=CVE-2024-4556
28 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11847 – Vulnerability in sshrelay in privileged access manager provides full system access.
https://notcve.org/view.php?id=CVE-2020-11847
21 Aug 2024 — SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. • https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11846 – Improper handling of token allows access to restricted resource in Privileged Access Manager
https://notcve.org/view.php?id=CVE-2020-11846
21 Aug 2024 — A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager be... • https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2021-22531
https://notcve.org/view.php?id=CVE-2021-22531
12 May 2022 — A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 Se presenta un bug en el parámetro input de Access Manager que permite a el suministro de caracteres no válidos desencadenar una vulnerabilidad de tipo cross-site scripting. Esto afecta a NetIQ Access Manager versiones 4.5 y 5.0 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26326 – Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2
https://notcve.org/view.php?id=CVE-2022-26326
02 May 2022 — Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 Una potencial vulnerabilidad de redireccionamiento abierto cuando la URL está diseñada en un formato específico en NetIQ Access Manager versiones anteriores a 5.0.2 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26325 – Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2
https://notcve.org/view.php?id=CVE-2022-26325
02 May 2022 — Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 Una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado en NetIQ Access Manager versiones anteriores a 5.0.2 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22526 – Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22526
13 Sep 2021 — Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de Redirección Abierta en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025257 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22524 – Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22524
13 Sep 2021 — Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Un ataque de inyección causó una vulnerabilidad de denegación de servicio en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025256 • CWE-91: XML Injection (aka Blind XPath Injection) •