Lucene search
K
MicrofocusAccess Manager

18 matches found

CVE
CVE
added 2021/03/26 1:37 p.m.1011 views

CVE-2021-22506

Mode C: Affected product is Micro Focus Access Manager prior to version 5.0. The connected documents describe an Information Leakage vulnerability (CVE-2021-22506) in the Access Manager, arising from an advance configuration exposure that could disclose information. The Nessus entry additionally ...

7.5CVSS7.6AI score0.25695EPSS
In wild
CVE
CVE
added 2022/05/12 6:52 p.m.68 views

CVE-2021-22531

The CVE-2021-22531 issue affects NetIQ Access Manager 4.5 and 5.0. Affected component: input parameter handling in Access Manager. Root cause: improper handling allows supply of an invalid character, enabling cross-site scripting (XSS). Impact: XSS vulnerability in affected deployments. Exploitat...

6.1CVSS5.9AI score0.00513EPSS
CVE
CVE
added 2014/12/23 11:0 a.m.64 views

CVE-2014-5217

CVE-2014-5217 affects NetIQ Access Manager (NAM) 4.x prior to 4.1. The CSRF in the webacc servlet allows an authenticated admin session to change the administrative password via fw.SetPassword. The vulnerability requires an authenticated administrator and is documented alongside other issues (XXE...

6.8CVSS7.2AI score0.01367EPSS
Web
CVE
CVE
added 2014/12/23 11:0 a.m.53 views

CVE-2014-5214

The CVE-2014-5214 issue affects NetIQ Access Manager (NAM) 4.x, specifically the iManager Administration Console's nps/servlet/webacc component. It enables an XML External Entity (XXE) injection via a query parameter containing an XML entity declaration, allowing remote authenticated novlwww user...

4CVSS6.2AI score0.01922EPSS
Web
CVE
CVE
added 2014/12/23 11:0 a.m.53 views

CVE-2014-5216

NetIQ Access Manager (NAM) 4.x is affected by multiple reflected XSS vulnerabilities (CVE-2014-5216) in NAM prior to 4.0.1 HF3. The issues allow remote attackers to inject arbitrary script via (1) location in dev.Empty to nps/servlet/webacc, (2) error in nidp/jsp/x509err.jsp, (3) lang in sslvpn/a...

4.3CVSS5.6AI score0.03236EPSS
Web
CVE
CVE
added 2021/03/26 1:41 p.m.50 views

CVE-2020-25840

The CVE-2020-25840 entry concerns a Cross‑Site Scripting (XSS) vulnerability in Micro Focus Access Manager. Affected software is Micro Focus Access Manager prior to version 5.0. The underlying impact described is potential configuration destruction. No explicit exploit details or in‑the‑wild indi...

6.1CVSS6.2AI score0.00613EPSS
CVE
CVE
added 2014/12/23 11:0 a.m.48 views

CVE-2014-9412

Technical details for CVE-2014-9412 are not publicly available in the provided documents; monitor for updates.

4.3CVSS5.6AI score0.03236EPSS
Web
CVE
CVE
added 2018/11/15 1:0 p.m.48 views

CVE-2018-12480

The CVE-2018-12480 entry concerns a cross-site scripting (XSS) vulnerability in Micro Focus NetIQ Access Manager prior to version 4.4 SP3. The provided documents indicate the issue affects NetIQ Access Manager and is mitigated by upgrades to 4.4 SP3 or later, but do not detail the root cause beyo...

6.1CVSS6AI score0.00654EPSS
CVE
CVE
added 2018/11/20 6:0 p.m.47 views

CVE-2018-17948

The vulnerability CVE-2018-17948 is described as an open redirect in the Access Manager Identity Provider prior to 4.4 SP3. The primary documented impact areas are limited to the redirect mechanism; CVSS metrics indicate a MEDIUM severity (CVSS v3.0: 6.1) with NETWORK access, no privileges requir...

6.1CVSS6.2AI score0.00648EPSS
CVE
CVE
added 2014/12/23 11:0 a.m.45 views

CVE-2014-5215

NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 is affected by CVE-2014-5215. An authenticated administrator can disclose service-account passwords via requests to roma/jsp/volsc/monitoring/dev_services.jsp or roma/jsp/debug/debug.jsp, constituting an information-disclosure vulnerability (impac...

4CVSS6.2AI score0.0177EPSS
CVE
CVE
added 2021/09/13 12:0 p.m.44 views

CVE-2021-22526

CVE-2021-22526 is an Open Redirect vulnerability in NetIQ Access Manager. Connected sources confirm the issue affects versions prior to 5.0.1 and 4.5.4 . Reported root cause described as an open redirection vulnerability; no detailed exploit path is provided in the documents. Mitigation/Remediati...

6.1CVSS5.6AI score0.0047EPSS
CVE
CVE
added 2021/09/13 11:58 a.m.42 views

CVE-2021-22524

CVE-2021-22524 affects NetIQ Access Manager prior to versions 5.0.1 and 4.5.4. The issue is an injection attack that can cause a Denial of Service. The vulnerability details are documented across multiple sources, with CVSS notes indicating a network-remote vector and partial availability impact....

5.4CVSS5.3AI score0.00633EPSS
CVE
CVE
added 2021/09/13 11:42 a.m.42 views

CVE-2021-22528

NetIQ Access Manager (prior to 5.0.1 and 4.5.4) has a reflected Cross-Site Scripting (XSS) vulnerability (CVE-2021-22528). The affected component is the web application interface; the underlying issue is untrusted input reflected in the response, enabling an attacker to potentially obtain adminis...

8CVSS5.5AI score0.00564EPSS
CVE
CVE
added 2021/03/25 3:56 p.m.40 views

CVE-2021-22496

CVE-2021-22496 describes an authentication bypass vulnerability in Micro Focus Access Manager (including the Appliance), affecting all versions prior to 4.5.3.3. The flaw enables bypassing authentication and can lead to information leakage as described in multiple sources (NVD, Red Hat, CNVD, etc...

7.5CVSS7.3AI score0.01131EPSS
CVE
CVE
added 2021/09/13 11:56 a.m.39 views

CVE-2021-22527

CVE-2021-22527 affects NetIQ Access Manager where information leakage occurs in versions prior to 5.0.1 and prior to 4.5.4. Multiple sources (NVD, CNVD, CVE records, PT-2021-15128) identify the affected components as NetIQ Access Manager and confirm the issue is an information disclosure vulnerab...

7.5CVSS6.6AI score0.00709EPSS
CVE
CVE
added 2021/09/02 4:56 p.m.38 views

CVE-2021-22525

NetIQ Access Manager CVE-2021-22525 describes an information-leakage vulnerability in NAM prior to version 5.0.1. The root cause is insufficient privilege controls that can disclose sensitive information (confidentiality impact reported as HIGH in CVSS data). Affected product/component: NetIQ Acc...

5.5CVSS5.3AI score0.00241EPSS
CVE
CVE
added 2026/06/24 2:1 p.m.11 views

CVE-2026-11877

CVE-2026-11877 affects OpenText Access Manager prior to 5.1.3. An unauthorised user can modify configuration via API calls, indicating a missing authorization vulnerability. Supported details show the impact is at the configuration level (no data leakage described) with remote network access requ...

7.5CVSS5.9AI score0.00178EPSS
CVE
CVE
added 2026/06/24 2:1 p.m.7 views

CVE-2026-11878

CVE-2026-11878 describes a reflected Cross-Site Scripting (XSS) vulnerability in OpenText Access Manager, affecting the Access Manager releases 5.1 through 5.1.2. The issue arises from improper neutralization of input during web page generation, enabling XSS. According to the provided metrics, th...

8.2CVSS5.8AI score0.0013EPSS