CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4554 – Multiple xss vulnerability in NetIQ Access Manager
https://notcve.org/view.php?id=CVE-2024-4554
28 Aug 2024 — Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4555 – User impersonation with MFA when configure in specific way
https://notcve.org/view.php?id=CVE-2024-4555
28 Aug 2024 — Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4556 – Directory traversal vulnerability in NetIQ Access Manager
https://notcve.org/view.php?id=CVE-2024-4556
28 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11843 – Potential information leakage in administrator enabled debug mode
https://notcve.org/view.php?id=CVE-2020-11843
11 Jun 2024 — This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before Esto permite la exposición de la información a usuarios no autorizados. Este problema afecta a NetIQ Access Manager con la versión 4.5 o anterior This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before • https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24468
https://notcve.org/view.php?id=CVE-2023-24468
15 Mar 2023 — Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38758 – XSS vulnerabilities in iManager
https://notcve.org/view.php?id=CVE-2022-38758
25 Jan 2023 — Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL. Vulnerabilidad de cross site scripting (XSS) en NetIQ iManager anterior a la versión 3.2.6 permite a un atacante ejecutar scripts maliciosos en el navegador del usuario. Este problema afecta a: Micro Focus NetIQ iManager Versiones de NetIQ iManager anteriores a la 3.2... • https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26329 – File existence disclosue vulnerability in IDM plugin
https://notcve.org/view.php?id=CVE-2022-26329
24 Jan 2023 — File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. Vulnerabilidad de divulgación de existencia de archivos en el complemento NetIQ Identity Manager anterior a la versión 4.8.5 permite a un atacante determinar si un archivo existe en el sistema de archivos. Este problema afecta a: Micro ... • https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11648
https://notcve.org/view.php?id=CVE-2019-11648
24 Jun 2019 — An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. Existe un filtrado de información en todas las versiones anteriores a la versión 4.4 de Self Service Password Reset Software de Micro Focus NetIQ. La vulnerabilidad podría ser explotada para exponer información sensible. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12462 – NetIQ iManager XSS vulnerabilities
https://notcve.org/view.php?id=CVE-2018-12462
10 Jul 2018 — NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. NetIQ iManager 3.1.1 aborda vulnerabilidades de Cross-Site Scripting (XSS) potenciales. • https://support.microfocus.com/kb/doc.php?id=7016795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12461 – Certificate Revocation Check failure
https://notcve.org/view.php?id=CVE-2018-12461
10 Jul 2018 — Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Problemas solucionados con NetIQ eDirectory en versiones anteriores a la 9.1.1 al comprobar la revocación de certificados. • https://www.netiq.com/support/kb/doc.php?id=7016794 • CWE-295: Improper Certificate Validation •