CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7677 – CSRF in NetIQ Access Manager (NAM) Identity Server component
https://notcve.org/view.php?id=CVE-2018-7677
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. Existe exposición CSRF en NetIQ Access Manager (NAM) 4.4, en el componente Identity Server. • http://www.securityfocus.com/bid/103420 https://www.netiq.com/support/kb/doc.php?id=7022725 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7678 – XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
https://notcve.org/view.php?id=CVE-2018-7678
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la consola de administración en NetIQ Access Manager (NAM) , versiones 4.3 y 4.4. • http://www.securityfocus.com/bid/103421 https://www.netiq.com/support/kb/doc.php?id=7022724 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7419 – NetIQ Access Manager OAuth Consent screen XSS attack
https://notcve.org/view.php?id=CVE-2017-7419
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider. Una aplicación OAuth en NetIQ Access Manager, en versiones 4.3 anteriores a la 4.3.2 y versiones 4.2 anteriores a la 4.2.4, permitía ataques de Cross-Site Scripting (XSS) debido a un campo "description" sin escapar que podría especificar el proveedor. • https://bugzilla.suse.com/show_bug.cgi?id=1031853 https://www.novell.com/support/kb/doc.php?id=7019893 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14801 – Reflected xss in Admin Console REST interface
https://notcve.org/view.php?id=CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, permitía que atacantes reflejasen XSS en la página llamada empleando el parámetro url. • https://www.novell.com/support/kb/doc.php?id=7022357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14802 – Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
https://notcve.org/view.php?id=CVE-2017-14802
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. Los servidores Novell Access Manager Admin Console y IDP en versiones anteriores a la 4.3.3 tienen una URL que podría ser empleada por atacantes remotos para desencadenar redirecciones sin validar a sitios de terceros. • https://www.novell.com/support/kb/doc.php?id=7022360 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •