CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38758 – XSS vulnerabilities in iManager
https://notcve.org/view.php?id=CVE-2022-38758
25 Jan 2023 — Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL. Vulnerabilidad de cross site scripting (XSS) en NetIQ iManager anterior a la versión 3.2.6 permite a un atacante ejecutar scripts maliciosos en el navegador del usuario. Este problema afecta a: Micro Focus NetIQ iManager Versiones de NetIQ iManager anteriores a la 3.2... • https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17949
https://notcve.org/view.php?id=CVE-2018-17949
12 Dec 2018 — Cross site scripting vulnerability in iManager prior to 3.1 SP2. Vulnerabilidad Cross-Site Scripting (XSS) en iManager en versiones anteriores a la 3.1 SP2. • https://www.netiq.com/documentation/imanager-31/imanager312_releasenotes/data/imanager312_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1345 – iManager elevation of privilege
https://notcve.org/view.php?id=CVE-2018-1345
21 Mar 2018 — NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. NetIQ iManager, en versiones anteriores a la 3.1, podría ser susceptible bajo ciertas circunstancias a un ataque de elevación de privilegios. • https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1347 – NetIQ iManager, versions prior to 3.1, reflected XSS issue
https://notcve.org/view.php?id=CVE-2018-1347
21 Mar 2018 — The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. La interfaz web administrativa en NetIQ iManager, en versiones anteriores a la 3.1, es vulnerable a Cross-Site Scripting (XSS) reflejado. • http://www.securityfocus.com/bid/103492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1344 – NetIQ iManager Communication Downgrade Attack
https://notcve.org/view.php?id=CVE-2018-1344
21 Mar 2018 — Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 Se trata de un potencial ataque de degradación de comunicaciones en NetIQ iManager, en versiones anteriores a la 3.1. • https://www.netiq.com/documentation/imanager-31/imanager31_releasenotes/data/imanager31_releasenotes.html •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2017-7425 – Multiple Reflected XSS in iManager
https://notcve.org/view.php?id=CVE-2017-7425
06 Nov 2017 — Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. Existen múltiples problemas potenciales de XSS reflejado en NetIQ iManager en versiones anteriores a la 2.7.7 Patch 10 HF2 y 3.0.3.2. • https://www.netiq.com/documentation/imanager-3/imanager3032_releasenotes/data/imanager3032_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5186
https://notcve.org/view.php?id=CVE-2017-5186
27 Apr 2017 — Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. Novell iManager versión 2.7 anterior a SP7 Patch 9, Novell eDirectory 8.8.x anterior a 8.8 SP8 Patch 9 Hotfix 2, NetIQ eDirectory 9.x anterior a 9.0.2 Hotfix 2 (9.0.2.2) y NetIQ iManager 3.x anterior a 3.0.2.1 usan el algoritmo de hashing MD5 en un ... • https://bugzilla.novell.com/show_bug.cgi?id=1019041 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-3268
https://notcve.org/view.php?id=CVE-2013-3268
24 Apr 2013 — Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors. Novell iManager v2.7 antes del parche SP6 1 no se actualiza un identificador después de una acción de cierre de sesión, que tiene un impacto no especificado y vectores de ataque a distancia. • http://www.novell.com/support/kb/doc.php?id=7010166 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-1088
https://notcve.org/view.php?id=CVE-2013-1088
24 Apr 2013 — Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en iManager de Novell versión 2.7 anterior a SP6 Parche 1, permite a los atacantes remotos secuestrar la autenticación de usuarios arbitrarios mediante el aprovechamiento de la comprobac... • http://www.novell.com/support/kb/doc.php?id=7010166 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 50%CPEs: 10EXPL: 0CVE-2011-4188
https://notcve.org/view.php?id=CVE-2011-4188
09 Apr 2012 — Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. Desbordamiento de búfer en la función "Create Attribute" de JClient en Novell iManager v2.7.4 antes del parche 4 permite a usuarios remotos autenticados provocar una denegación de servicio (caída de la aplicación... • http://secunia.com/advisories/48672 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •