CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26329 – File existence disclosue vulnerability in IDM plugin
https://notcve.org/view.php?id=CVE-2022-26329
24 Jan 2023 — File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. Vulnerabilidad de divulgación de existencia de archivos en el complemento NetIQ Identity Manager anterior a la versión 4.8.5 permite a un atacante determinar si un archivo existe en el sistema de archivos. Este problema afecta a: Micro ... • https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9284 – IDM 4.6 Identity Applications information leakage
https://notcve.org/view.php?id=CVE-2017-9284
26 Apr 2018 — IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. IDM 4.6 Identity Applications en versiones anteriores a la 4.6.2.1 puede exponer información sensible. • https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7674 – IDM URL Redirection attack
https://notcve.org/view.php?id=CVE-2018-7674
28 Mar 2018 — The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. La consola de usuario de NetIQ Identity Manager, en versiones anteriores a la 4.7, es susceptible a la redirección de URL. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7676 – IDM Information Leakage
https://notcve.org/view.php?id=CVE-2018-7676
28 Mar 2018 — The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. En NetIQ Identity Manager, en versiones anteriores a la 4.7, userapp con log / trace habilitado podría filtrar información sensible. • https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7673 – NetIQ Identity Manager DoS Attack
https://notcve.org/view.php?id=CVE-2018-7673
26 Mar 2018 — The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. El canal de comunicación NetIQ Identity Manager, en versiones anteriores a la 4.7, es vulnerable a un ataque de denegación de servicio (DoS). • http://www.securityfocus.com/bid/103533 •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1348 – NetIQ Identity Manager SSL Renegotiation
https://notcve.org/view.php?id=CVE-2018-1348
26 Mar 2018 — NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. El controlador NetIQ Identity Manager, en versiones anteriores a la 4.7, permite que se produzca una renegociación del protocolo de enlace SSL, lo que podría dar como resultado una ataque Man in the Middle (MitM). • http://www.securityfocus.com/bid/103530 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1349 – NetIQ Identity Manager Driver Component Log File Information Leakage
https://notcve.org/view.php?id=CVE-2018-1349
26 Mar 2018 — The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. El archivo de registro del controlador NetIQ Identity Manager, en versiones anteriores a la 4.7, ofrece detalles que podrían ayudar en la enumeración de la configuración o el sistema. • http://www.securityfocus.com/bid/103531 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1350 – NetIQ Identity Manager Driver Component Information Leakage
https://notcve.org/view.php?id=CVE-2018-1350
26 Mar 2018 — The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. El archivo de registro del controlador NetIQ Identity Manager, en versiones anteriores a la 4.7, ofrece detalles que podrían ayudar en la enumeración del sistema. • http://www.securityfocus.com/bid/103532 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7427 – iManager - Multiple Reflected Cross-Site Scripting attacks
https://notcve.org/view.php?id=CVE-2017-7427
05 Mar 2018 — Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins. Se han encontrado múltiples ataques de Cross-Site Scripting (XSS) en el plugin Identit... • https://bugzilla.suse.com/show_bug.cgi?id=1033828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7434 – NetIQ Identity Manager JDBC driver could leak passwords in exception traces
https://notcve.org/view.php?id=CVE-2017-7434
02 Mar 2018 — In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. En el controlador JDBC en NetIQ Identity Manager en versiones anteriores a la 4.6, el envío de configuraciones XML incorrectas podría resultar en que las contraseñas se registren en archivos de registro de excepciones. • https://bugzilla.suse.com/show_bug.cgi?id=1005907 • CWE-532: Insertion of Sensitive Information into Log File •