CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12461 – Certificate Revocation Check failure
https://notcve.org/view.php?id=CVE-2018-12461
10 Jul 2018 — Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Problemas solucionados con NetIQ eDirectory en versiones anteriores a la 9.1.1 al comprobar la revocación de certificados. • https://www.netiq.com/support/kb/doc.php?id=7016794 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1346 – NetIQ eDirectory Denial of Service
https://notcve.org/view.php?id=CVE-2018-1346
21 Mar 2018 — Addresses denial of service attack to eDirectory versions prior to 9.1. Se trata de un ataque de denegación de servicio (DoS) en eDirectory, en versiones anteriores a la 9.1. • http://www.securityfocus.com/bid/103493 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7429 – Fix for NetIQ shell code upload
https://notcve.org/view.php?id=CVE-2017-7429
02 Mar 2018 — The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. La subida de certificados en el plugin NetIQ eDirectory PKI, en versiones anteriores a 8.8.8 Patch 10 Hotfix 1, podría aprovecharse para subir código JSP que puede ser empleado por atacantes autenticados para ejecutar applets JSP en el servidor iManager. • https://bugzilla.suse.com/show_bug.cgi?id=1024957 • CWE-295: Improper Certificate Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-9285 – Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
https://notcve.org/view.php?id=CVE-2017-9285
02 Mar 2018 — NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. NetIQ eDirectory, en versiones anteriores a la 9.0 SP4, no imponía restricciones de inicio de sesión al emplear "ebaclient". Esto permitía el acceso no autorizado a los servicios de eDirectory. • https://bugzilla.suse.com/show_bug.cgi?id=1029077 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
27 Apr 2017 — Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un ... • https://bugzilla.novell.com/show_bug.cgi?id=1019041 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •