Lucene search
+L
NetiqAccess Manager

24 matches found

cve
cve
added 2018/01/20 12:0 a.m.65 views

CVE-2017-14803

NetIQ Access Manager: CVE-2017-14803 affects Identity Server in NAM 4.3/4.4, where a bug during access to a basic SSO connector and downloading BasicSSO connector plugins on IE11 enables arbitrary code execution on the target system. Impact is described as high/critical in CVE records, with netwo...

10CVSS9.6AI score0.34593EPSS
cve
cve
added 2018/03/01 7:0 p.m.58 views

CVE-2017-14799

The CVE-2017-14799 entry concerns Micro Focus NetIQ Access Manager prior to version 4.3.3, where the ESP login parameter handling is vulnerable to cross-site scripting. The underlying issue is improper handling of ESP login parameters, allowing an attacker to inject JavaScript into the login page...

6.1CVSS5.3AI score0.00756EPSS
cve
cve
added 2018/03/14 3:0 p.m.58 views

CVE-2018-7677

The CVE-2018-7677 entry applies to NetIQ Access Manager (NAM) 4.4 Identity Server component. The vulnerability arises because HTTP requests are not properly validated, creating a cross-site request forgery (CSRF) exposure. This allows an attacker to perform unauthorized operations against the aff...

8.8CVSS6.2AI score0.00531EPSS
cve
cve
added 2024/06/11 7:23 a.m.57 views

CVE-2020-11843

CVE-2020-11843 concerns a potential information disclosure in Micro Focus / NetIQ Access Manager. Connected sources consistently indicate that NAM versions prior to or equal to 4.5 are affected, with information exposure to unauthorized users, originating from an issue in NAM’s handling of sensit...

6.5CVSS6.4AI score0.00484EPSS
cve
cve
added 2017/03/23 6:36 a.m.56 views

CVE-2016-5754

NetIQ Access Manager (NAM) is affected by CVE-2016-5754. The vulnerability is an information disclosure caused by the presence of an ".htaccess" file that could leak sensitive information in NAM versions 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. The CNVD entry confirms a NAM information-disc...

7.5CVSS7.3AI score0.0109EPSS
cve
cve
added 2018/03/02 8:0 p.m.55 views

CVE-2017-14801

CVE-2017-14801 affects NetIQ Access Manager prior to 4.3.3. It is a reflected Cross-Site Scripting (XSS) vulnerability where an attacker-supplied URL parameter is reflected in the response, enabling script execution in the context of the vulnerable page. Affected product/version: NetIQ Access Man...

6.1CVSS5.2AI score0.00756EPSS
cve
cve
added 2018/03/02 8:0 p.m.54 views

CVE-2017-14802

CVE-2017-14802 affects Micro Focus Novell Access Manager Admin Console and IDP servers prior to version 4.3.3, which expose an unvalidated redirect vulnerability that could be exploited by remote attackers to redirect users to third‑party sites. The public records indicate impacted products are N...

6.1CVSS5.9AI score0.0102EPSS
cve
cve
added 2017/03/23 6:36 a.m.52 views

CVE-2016-5751

CVE-2016-5751 affects NetIQ Access Manager Identity Server SAML processing: an unfiltered finalizer target URL can be exploited to trigger XSS and leak authentication credentials. Affected products/versions: NetIQ Access Manager 4.1 prior to 4.1.2 HF1, and 4.2 prior to 4.2.2. Root cause: unfilter...

6.1CVSS6AI score0.00712EPSS
cve
cve
added 2017/03/23 6:36 a.m.51 views

CVE-2016-5757

CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...

9.8CVSS9.6AI score0.01518EPSS
cve
cve
added 2018/03/01 7:0 p.m.51 views

CVE-2017-14800

NetIQ Access Manager (pre-4.3.3) is affected by a reflected cross-site scripting vulnerability that can be triggered via the typecontainerid parameter in the policy editor, enabling code injection into pages viewed by authenticated users. The issue arises in the policy editor flow and is document...

6.1CVSS5.9AI score0.00756EPSS
cve
cve
added 2017/03/23 6:36 a.m.50 views

CVE-2016-5748

NetIQ Access Manager is affected by an External Entity Processing (XXE) vulnerability in the risk score application. Affected versions: 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2. The issue allows an attacker who can access the application to disclose contents of local files to logged-in...

5.5CVSS5.3AI score0.00345EPSS
cve
cve
added 2017/03/23 6:36 a.m.49 views

CVE-2016-5755

CVE-2016-5755 affects NetIQ Access Manager; versions 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 are vulnerable to clickjacking due to a missing SAMEORIGIN filter in the "high encryption" setting. The connected documents corroborate this description and identify the affected product and the s...

6.5CVSS6.4AI score0.00502EPSS
cve
cve
added 2017/03/23 6:36 a.m.48 views

CVE-2016-5750

CVE-2016-5750 affects NetIQ Access Manager’s iManager Certificate Server Management module. A vulnerability in the certificate upload feature in iManager allows uploading JSP pages that execute with the iManager user, enabling remote code execution by a logged-in user. Affected versions are NetIQ...

8.8CVSS8.8AI score0.01114EPSS
cve
cve
added 2017/04/20 6:0 p.m.48 views

CVE-2017-5183

NetIQ Access Manager is affected: versions 4.2.2 and 4.3.x prior to 4.3.1+ contain an XSS flaw in the AssertionConsumerServiceURL field of a signed samlp:AuthnRequest when acting as Identity Server. The root cause is a cross-site scripting vulnerability in that URL field within the AuthnRequest. ...

6.1CVSS6AI score0.00669EPSS
cve
cve
added 2018/03/02 8:0 p.m.48 views

CVE-2017-9276

The CVE-2017-9276 entry describes a cross-site scripting (XSS) vulnerability in Micro Focus Novell Access Manager iManager prior to version 4.3.3. The root cause is that iManager failed to validate parameters, allowing XSS content to be reflected back into the result page via the parameter "a". P...

6.1CVSS5.8AI score0.00793EPSS
cve
cve
added 2017/03/23 6:36 a.m.47 views

CVE-2016-5749

The vulnerability CVE-2016-5749 affects NetIQ Access Manager. Affected: NAM 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2. Root cause: NAM parses incoming SAML requests with External Entity (XXE) resolution enabled. Impact: potential local file disclosure through XML External Entity injection. Explo...

5.5CVSS5.4AI score0.00393EPSS
cve
cve
added 2017/03/23 6:36 a.m.47 views

CVE-2016-5756

NetIQ Access Manager is affected by CVE-2016-5756: multiple web tools components are vulnerable to Reflected Cross-Site Scripting, enabling potential session hijack. Vulnerable in NAM 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2; affected endpoints include nps/servlet/frameservice, nps/servlet...

6.1CVSS6.1AI score0.00635EPSS
cve
cve
added 2017/04/24 6:0 p.m.47 views

CVE-2017-5191

NetIQ Access Manager (NAM) versions 4.2 and 4.3 contain a cross-site scripting (XSS) vulnerability in the /NAGErrors URI. The issue arises because the Access Gateway Error page does not validate the HTTP Referer header, enabling a remote attacker to inject arbitrary web script or HTML. No exploit...

6.1CVSS5.9AI score0.00679EPSS
cve
cve
added 2018/03/02 8:0 p.m.47 views

CVE-2017-7419

CVE-2017-7419 affects NetIQ Access Manager OAuth applications. The vulnerability is an XSS flaw caused by an unescaped description field that can be supplied by the provider, impacting versions 4.3 before 4.3.2 and 4.2 before 4.2.4. The issue enables cross-site scripting via the OAuth consent/des...

6.1CVSS5.1AI score0.00763EPSS
cve
cve
added 2017/03/23 6:36 a.m.46 views

CVE-2016-5752

The CVE-2016-5752 entry concerns NetIQ Access Manager’s Identity Server SAML2 implementation. Affected versions are 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2. The issue arises from handling unsigned SAML requests, causing leakage of results to a potentially malicious Assertion Consumer Servic...

7.5CVSS7.4AI score0.0109EPSS
cve
cve
added 2017/03/23 6:36 a.m.46 views

CVE-2016-5758

Affected product: NetIQ Access Manager (NAM) 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2. Vulnerability: CSRF protection mechanism can be circumvented by repeated uploads, causing high load. Root cause / impact: The repeated-upload path undermines CSRF defenses, potentially enabling unauthori...

8.8CVSS8.5AI score0.00501EPSS
cve
cve
added 2017/04/20 3:0 p.m.46 views

CVE-2017-5190

NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when acting as a SAML 2.0 Identity Server with Virtual Attributes, is affected by a concurrency issue that can lead to information leakage related to a stale profile. The vulnerability is described across multiple sources in relation...

3.5CVSS3.9AI score0.00674EPSS
cve
cve
added 2018/01/26 2:0 a.m.46 views

CVE-2018-1342

The CVE-2018-1342 issue affects NetIQ Access Manager Admin Console (versions 4.3/4.4). The root cause is lack of validation in the FwRequest class, enabling an attacker to upload arbitrary files to the Admin Console server and execute code, with no authentication required (remote code execution)....

9.8CVSS9.4AI score0.01169EPSS
cve
cve
added 2018/03/14 3:0 p.m.45 views

CVE-2018-7678

CVE-2018-7678 is a cross-site scripting vulnerability in the Administration Console of NetIQ Access Manager (NAM) affecting NAM versions 4.3 and 4.4. The issue stems from improper input filtering in the Administration Console, enabling a remote attacker to execute arbitrary browser code. Supporte...

4.8CVSS4.3AI score0.0062EPSS