Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
7.5CVSS
7.5AI Score
0.008EPSS
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
8.8CVSS
8.7AI Score
0.002EPSS
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
9.8CVSS
9.3AI Score
0.003EPSS
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.001EPSS