CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1343
https://notcve.org/view.php?id=CVE-2018-1343
PAM exposure enabling unauthenticated access to remote host La exposición de PAM permite el acceso no autenticado al host remoto. • https://www.netiq.com/documentation/privileged-account-manager-3/npam3104-release-notes/data/npam3104-release-notes.html https://www.netiq.com/documentation/privileged-account-manager-3/npam3203-release-notes/data/npam3203-release-notes.html https://www.novell.com/support/kb/doc.php?id=7022630 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7437 – Cross site scripting attacks against NetIQ Privileged Account Manager
https://notcve.org/view.php?id=CVE-2017-7437
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests. NetIQ Privileged Account Manager, en versiones anteriores a 3.1 Patch Update 3, permitía ataques de Cross-Site Scripting (XSS) mediante los parámetros "type" y "account" de peticiones json. • https://bugzilla.suse.com/show_bug.cgi?id=1001069 https://www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7438 – DOM cross site scripting attack against NetIQ Privileged Account Manager
https://notcve.org/view.php?id=CVE-2017-7438
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter. NetIQ Privileged Account Manager, en versiones anteriores a 3.1 Patch Update 3, permitía ataques de Cross-Site Scripting (XSS) mediante la modificación DOM empleando el parámetro proporcionado por la cookie. • https://bugzilla.suse.com/show_bug.cgi?id=1001355 https://www.netiq.com/documentation/privileged-account-manager-3/npam3103-release-notes/data/npam3103-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •