CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2021-22531
https://notcve.org/view.php?id=CVE-2021-22531
12 May 2022 — A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 Se presenta un bug en el parámetro input de Access Manager que permite a el suministro de caracteres no válidos desencadenar una vulnerabilidad de tipo cross-site scripting. Esto afecta a NetIQ Access Manager versiones 4.5 y 5.0 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22526 – Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22526
13 Sep 2021 — Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de Redirección Abierta en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025257 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22524 – Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22524
13 Sep 2021 — Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Un ataque de inyección causó una vulnerabilidad de denegación de servicio en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025256 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22527 – Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22527
13 Sep 2021 — Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de filtrado de información en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025258 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22528 – Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22528
13 Sep 2021 — Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22525
https://notcve.org/view.php?id=CVE-2021-22525
02 Sep 2021 — This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 Esta versión soluciona una posible vulnerabilidad de filtrado de información en NetIQ Access Manager versiones anteriores a 5.0.1 • https://support.microfocus.com/kb/doc.php?id=7025254 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25840
https://notcve.org/view.php?id=CVE-2020-25840
26 Mar 2021 — Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar una destrucción de la configuración. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 37%CPEs: 1EXPL: 0CVE-2021-22506 – Micro Focus Access Manager Information Leakage Vulnerability
https://notcve.org/view.php?id=CVE-2021-22506
26 Mar 2021 — Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. Una configuración avanzada que expone una vulnerabilidad de Filtrado de Información en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar un filtrado de información. Micro Focus Access Manager contains an information leakage vulnerability res... • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22496
https://notcve.org/view.php?id=CVE-2021-22496
25 Mar 2021 — Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. Una vulnerabilidad de Omisión de Autenticación en Micro Focus Access Manager Product afecta a todas las versiones anteriores a 4.5.3.3. La vulnerabilidad podría causar una filtración de información • https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18255
https://notcve.org/view.php?id=CVE-2018-18255
15 Mar 2019 — An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve elevated privileges. Se ha descubierto un problema en CapMon Access Manager 5.4.1.1005. Las aplicaciones de cliente de AccessManagerCoreService.exe se comunican con este servidor mediante tuberías nombradas. • https://improsec.com/tech-blog/cam1 • CWE-287: Improper Authentication •