NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.001
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.
CVSS: 6.5 | AI Score: 6.6 | EPSS: 0.002
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.008
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.002
In Novell eDirectory before 9.0.3.1, the LDAP interface was not strictly enforcing cipher restrictions, allowing weaker ciphers to be used during SSL BIND operations.
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002
The LDAP backend in Novell eDirectory before 9.0 SP4, when switched to EBA (Enhanced Background Authentication), kept open connections without EBA.
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.002
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.003
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
CVSS: 6.1 | AI Score: 6 | EPSS: 0.001
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.007
CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.001