24 matches found
CVE-2017-14803
NetIQ Access Manager: CVE-2017-14803 affects Identity Server in NAM 4.3/4.4, where a bug during access to a basic SSO connector and downloading BasicSSO connector plugins on IE11 enables arbitrary code execution on the target system. Impact is described as high/critical in CVE records, with netwo...
CVE-2017-14799
The CVE-2017-14799 entry concerns Micro Focus NetIQ Access Manager prior to version 4.3.3, where the ESP login parameter handling is vulnerable to cross-site scripting. The underlying issue is improper handling of ESP login parameters, allowing an attacker to inject JavaScript into the login page...
CVE-2018-7677
The CVE-2018-7677 entry applies to NetIQ Access Manager (NAM) 4.4 Identity Server component. The vulnerability arises because HTTP requests are not properly validated, creating a cross-site request forgery (CSRF) exposure. This allows an attacker to perform unauthorized operations against the aff...
CVE-2020-11843
CVE-2020-11843 concerns a potential information disclosure in Micro Focus / NetIQ Access Manager. Connected sources consistently indicate that NAM versions prior to or equal to 4.5 are affected, with information exposure to unauthorized users, originating from an issue in NAM’s handling of sensit...
CVE-2016-5754
NetIQ Access Manager (NAM) is affected by CVE-2016-5754. The vulnerability is an information disclosure caused by the presence of an ".htaccess" file that could leak sensitive information in NAM versions 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. The CNVD entry confirms a NAM information-disc...
CVE-2017-14801
CVE-2017-14801 affects NetIQ Access Manager prior to 4.3.3. It is a reflected Cross-Site Scripting (XSS) vulnerability where an attacker-supplied URL parameter is reflected in the response, enabling script execution in the context of the vulnerable page. Affected product/version: NetIQ Access Man...
CVE-2017-14802
CVE-2017-14802 affects Micro Focus Novell Access Manager Admin Console and IDP servers prior to version 4.3.3, which expose an unvalidated redirect vulnerability that could be exploited by remote attackers to redirect users to third‑party sites. The public records indicate impacted products are N...
CVE-2016-5751
CVE-2016-5751 affects NetIQ Access Manager Identity Server SAML processing: an unfiltered finalizer target URL can be exploited to trigger XSS and leak authentication credentials. Affected products/versions: NetIQ Access Manager 4.1 prior to 4.1.2 HF1, and 4.2 prior to 4.2.2. Root cause: unfilter...
CVE-2016-5757
CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...
CVE-2017-14800
NetIQ Access Manager (pre-4.3.3) is affected by a reflected cross-site scripting vulnerability that can be triggered via the typecontainerid parameter in the policy editor, enabling code injection into pages viewed by authenticated users. The issue arises in the policy editor flow and is document...
CVE-2016-5748
NetIQ Access Manager is affected by an External Entity Processing (XXE) vulnerability in the risk score application. Affected versions: 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2. The issue allows an attacker who can access the application to disclose contents of local files to logged-in...
CVE-2016-5755
CVE-2016-5755 affects NetIQ Access Manager; versions 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 are vulnerable to clickjacking due to a missing SAMEORIGIN filter in the "high encryption" setting. The connected documents corroborate this description and identify the affected product and the s...
CVE-2016-5750
CVE-2016-5750 affects NetIQ Access Manager’s iManager Certificate Server Management module. A vulnerability in the certificate upload feature in iManager allows uploading JSP pages that execute with the iManager user, enabling remote code execution by a logged-in user. Affected versions are NetIQ...
CVE-2017-5183
NetIQ Access Manager is affected: versions 4.2.2 and 4.3.x prior to 4.3.1+ contain an XSS flaw in the AssertionConsumerServiceURL field of a signed samlp:AuthnRequest when acting as Identity Server. The root cause is a cross-site scripting vulnerability in that URL field within the AuthnRequest. ...
CVE-2017-9276
The CVE-2017-9276 entry describes a cross-site scripting (XSS) vulnerability in Micro Focus Novell Access Manager iManager prior to version 4.3.3. The root cause is that iManager failed to validate parameters, allowing XSS content to be reflected back into the result page via the parameter "a". P...
CVE-2016-5749
The vulnerability CVE-2016-5749 affects NetIQ Access Manager. Affected: NAM 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2. Root cause: NAM parses incoming SAML requests with External Entity (XXE) resolution enabled. Impact: potential local file disclosure through XML External Entity injection. Explo...
CVE-2016-5756
NetIQ Access Manager is affected by CVE-2016-5756: multiple web tools components are vulnerable to Reflected Cross-Site Scripting, enabling potential session hijack. Vulnerable in NAM 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2; affected endpoints include nps/servlet/frameservice, nps/servlet...
CVE-2017-5191
NetIQ Access Manager (NAM) versions 4.2 and 4.3 contain a cross-site scripting (XSS) vulnerability in the /NAGErrors URI. The issue arises because the Access Gateway Error page does not validate the HTTP Referer header, enabling a remote attacker to inject arbitrary web script or HTML. No exploit...
CVE-2017-7419
CVE-2017-7419 affects NetIQ Access Manager OAuth applications. The vulnerability is an XSS flaw caused by an unescaped description field that can be supplied by the provider, impacting versions 4.3 before 4.3.2 and 4.2 before 4.2.4. The issue enables cross-site scripting via the OAuth consent/des...
CVE-2016-5752
The CVE-2016-5752 entry concerns NetIQ Access Manager’s Identity Server SAML2 implementation. Affected versions are 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2. The issue arises from handling unsigned SAML requests, causing leakage of results to a potentially malicious Assertion Consumer Servic...
CVE-2016-5758
Affected product: NetIQ Access Manager (NAM) 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2. Vulnerability: CSRF protection mechanism can be circumvented by repeated uploads, causing high load. Root cause / impact: The repeated-upload path undermines CSRF defenses, potentially enabling unauthori...
CVE-2017-5190
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when acting as a SAML 2.0 Identity Server with Virtual Attributes, is affected by a concurrency issue that can lead to information leakage related to a stale profile. The vulnerability is described across multiple sources in relation...
CVE-2018-1342
The CVE-2018-1342 issue affects NetIQ Access Manager Admin Console (versions 4.3/4.4). The root cause is lack of validation in the FwRequest class, enabling an attacker to upload arbitrary files to the Admin Console server and execute code, with no authentication required (remote code execution)....
CVE-2018-7678
CVE-2018-7678 is a cross-site scripting vulnerability in the Administration Console of NetIQ Access Manager (NAM) affecting NAM versions 4.3 and 4.4. The issue stems from improper input filtering in the Administration Console, enabling a remote attacker to execute arbitrary browser code. Supporte...