16 matches found
CVE-2012-0432
CVE-2012-0432 describes a stack-based buffer overflow in the NetIQ eDirectory (Novell eDirectory) NCP stack (ndsd) for version 8.8.7.x prior to 8.8.7.2. The root cause is improper bounds checking in the NCP handling (KeyedObjectLogin path), enabling remote attackers to cause a likely remote code ...
CVE-2021-22532
OpenText eDirectory is affected by CVE-2021-22532, with a possible NLDAP Denial of Service vulnerability in OpenText eDirectory before 9.2.4.0000. Connected sources (RH, NVD, CVE lists) consistently describe this as a network-based issue that can impact availability, originating from NLDAP proces...
CVE-2021-22533
OpenText eDirectory 9.2.4.0000 is affected by CVE-2021-22533, described as a vulnerability that could allow insertion of sensitive information into log files. The issue targets the logging mechanism in eDirectory and is documented across multiple sources (including NVD/Red Hat pages). The CVE’s i...
CVE-2012-0430
CVE-2012-0430 affects NetIQ eDirectory 8.8.6.x (before 8.8.6.7) and 8.8.7.x (before 8.8.7.2) on Windows. The vulnerability allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. Multiple connected sources corroborate this CVE as part of a se...
CVE-2018-17950
CVE-2018-17950: Affects NetIQ eDirectory prior to version 9.1 SP2. The issue is an authorization check error where checks are not enforced correctly, enabling potential integrity impact (I = HIGH) without credentials over a network (attack vector: NETWORK, complexity: LOW). The NVD metrics descri...
CVE-2021-38133
OpenText eDirectory is affected by CVE-2021-38133 in versions prior to 9.2.6.0000. The vulnerability is described as an External Service Interaction attack affecting authentication, with CVSS v3.1 base scores indicating high/medium severity (C:H, UI:R, network attack). Root cause is not explicitl...
CVE-2021-38132
CVE-2021-38132 affects OpenText eDirectory prior to version 9.2.6.0000. The vulnerability is described as an External Service Interaction in eDirectory, with the NVD metric set to CVSSv3.1: 9.8 (CRITICAL) impact on confidentiality, integrity, and availability, attack vector NETWORK, no privileges...
CVE-2021-38131
CVE-2021-38131 is an XSS vulnerability reported in OpenText OpenText eDirectory 9.2.5.0000. The provided documents consistently identify a cross-site scripting issue in this version; no further technical specifics (e.g., vulnerable component, root cause) or exploit details are given. CVSS referen...
CVE-2012-0428
CVE-2012-0428 affects NetIQ eDirectory 8.8.x: a Cross-site Scripting (XSS) vulnerability in the web interface allows remote attackers to inject arbitrary script/HTML via unspecified vectors. The vulnerability exists in 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2, with the impact on the user...
CVE-2021-22503
CVE-2021-22503 corresponds to a vulnerability in OpenText eDirectory 9.2.3.0000 related to improper neutralization of input during web page generation. Multiple sources (NVD, Red Hat advisory) describe the issue as affecting eDirectory and provide CVSS metrics: NETWORK attack, LOW to MEDIUM impac...
CVE-2018-17952
CVE-2018-17952 is a cross-site scripting vulnerability in Micro Focus NetIQ eDirectory versions prior to 9.1 SP2. The NVD entry lists a CVSS‑3 base score of 6.1 (MEDIUM) with network attack, low complexity, no privileges required, but user interaction required, and low impacts to confidentiality ...
CVE-2012-0429
CVE-2012-0429 affects NetIQ/Novell eDirectory 8.8.6.x (before 8.8.6.7) and 8.8.7.x (before 8.8.7.2) on Windows. The vulnerability is in the dhost component where crafted characters in an HTTP request allow remote authenticated users to trigger a denial of service (daemon crash). Impact as reporte...
CVE-2017-7429
The CVE concerns NetIQ eDirectory PKI plugin prior to 8.8.8 Patch 10 Hotfix 1, where the certificate upload function can be abused to upload JSP code. This allows an authenticated attacker to execute JSP applets on the iManager server. Affected product: Micro Focus NetIQ eDirectory PKI plugin (ve...
CVE-2017-9285
NetIQ eDirectory is affected on versions before 9.0 SP4 where the ebaclient login path did not enforce login restrictions, enabling unpermitted access to eDirectory services. Root cause: inadequate enforcement of authentication when ebaclient is used. Impact: potential exposure of confidential da...
CVE-2018-7686
NetIQ eDirectory prior to 9.1.1 HF1 is affected by an information disclosure vulnerability caused by shared memory usage. Exploitation could allow an attacker to obtain partial/confidential information via network access. The CVSS data indicates a network-based attack with high impact on confiden...
CVE-2018-7692
CVE-2018-7692 is an unvalidated redirect vulnerability in Micro Focus NetIQ eDirectory prior to 9.1.1 HF1. The connected SUSE/CNVD entries confirm an open redirect issue in eDirectory versions before 9.1.1 HF1, caused by insufficient validation of redirect targets. Impact details in the sources i...