13 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0

A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 Se presenta un bug en el parámetro input de Access Manager que permite a el suministro de caracteres no válidos desencadenar una vulnerabilidad de tipo cross-site scripting. Esto afecta a NetIQ Access Manager versiones 4.5 y 5.0 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de Redirección Abierta en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025257 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Un ataque de inyección causó una vulnerabilidad de denegación de servicio en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025256 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html • CWE-91: XML Injection (aka Blind XPath Injection) •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de filtrado de información en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025258 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025259 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •