Lucene search

NetIQ Access Manager Security Vulnerabilities

cve

CVE-2020-11843

This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-11 08:15 AM

cve

CVE-2021-22531

A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and...

6.1CVSS

5.9AI Score

0.001EPSS

2022-05-12 07:15 PM

cve

CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to...

6.1CVSS

6.2AI Score

0.001EPSS

2022-05-02 07:15 PM

cve

CVE-2022-26325

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to...

6.1CVSS

5.9AI Score

0.001EPSS

2022-05-02 07:15 PM

cve

CVE-2021-22528

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and...

8CVSS

5.2AI Score

0.001EPSS

2021-09-13 12:15 PM

cve

CVE-2021-22527

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and...

7.5CVSS

7.4AI Score

0.002EPSS

2021-09-13 12:15 PM

cve

CVE-2021-22526

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and...

6.1CVSS

6.2AI Score

0.001EPSS

2021-09-13 12:15 PM

cve

CVE-2021-22524

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and...

5.4CVSS

5.2AI Score

0.001EPSS

2021-09-13 12:15 PM

cve

CVE-2021-22525

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to...

5.5CVSS

5.3AI Score

0.0004EPSS

2021-09-02 05:15 PM

cve

CVE-2018-19645

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...

9.8CVSS

9.3AI Score

0.003EPSS

2019-02-12 08:29 PM

cve

CVE-2018-12480

Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4...

6.1CVSS

5.9AI Score

0.001EPSS

2018-11-15 01:29 PM

cve

CVE-2018-7677

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server...

8.8CVSS

8.6AI Score

0.001EPSS

2018-03-14 03:29 PM

cve

CVE-2018-7678

A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and...

4.8CVSS

4.9AI Score

0.001EPSS

2018-03-14 03:29 PM

cve

CVE-2018-1342

A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative...

9.8CVSS

9.4AI Score

0.005EPSS

2018-01-26 02:29 AM

cve

CVE-2017-14803

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the...

9.8CVSS

9.6AI Score

0.616EPSS

2018-01-20 12:29 AM

cve

CVE-2017-5191

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer...

6.1CVSS

5.9AI Score

0.001EPSS

2017-04-24 06:59 PM

cve

CVE-2016-5757

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication...

9.8CVSS

9.6AI Score

0.006EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5749

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE)...

5.5CVSS

5.4AI Score

0.0005EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5751

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication...

6.1CVSS

6AI Score

0.001EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5758

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high...

8.8CVSS

8.5AI Score

0.001EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5752

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original...

7.5CVSS

7.4AI Score

0.002EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5750

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote...

8.8CVSS

8.8AI Score

0.005EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5754

Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before...

7.5CVSS

7.3AI Score

0.002EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5748

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in...

5.5CVSS

5.3AI Score

0.0004EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5756

Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl,...

6.1CVSS

6.1AI Score

0.001EPSS

2017-03-23 06:59 AM

cve

CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption"...

6.5CVSS

6.4AI Score

0.001EPSS

2017-03-23 06:59 AM