This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or...
6.5CVSS
6.4AI Score
0.0004EPSS
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and...
6.1CVSS
5.9AI Score
0.001EPSS
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to...
6.1CVSS
6.2AI Score
0.001EPSS
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to...
6.1CVSS
5.9AI Score
0.001EPSS
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and...
8CVSS
5.2AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.002EPSS
6.1CVSS
6.2AI Score
0.001EPSS
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and...
5.4CVSS
5.2AI Score
0.001EPSS
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to...
5.5CVSS
5.3AI Score
0.0004EPSS
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
9.8CVSS
9.3AI Score
0.003EPSS
6.1CVSS
5.9AI Score
0.001EPSS
8.8CVSS
8.6AI Score
0.001EPSS
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and...
4.8CVSS
4.9AI Score
0.001EPSS
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative...
9.8CVSS
9.4AI Score
0.005EPSS
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the...
9.8CVSS
9.6AI Score
0.616EPSS
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer...
6.1CVSS
5.9AI Score
0.001EPSS
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication...
9.8CVSS
9.6AI Score
0.006EPSS
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE)...
5.5CVSS
5.4AI Score
0.0005EPSS
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication...
6.1CVSS
6AI Score
0.001EPSS
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high...
8.8CVSS
8.5AI Score
0.001EPSS
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original...
7.5CVSS
7.4AI Score
0.002EPSS
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote...
8.8CVSS
8.8AI Score
0.005EPSS
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before...
7.5CVSS
7.3AI Score
0.002EPSS
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in...
5.5CVSS
5.3AI Score
0.0004EPSS
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl,...
6.1CVSS
6.1AI Score
0.001EPSS
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption"...
6.5CVSS
6.4AI Score
0.001EPSS