16 matches found
CVE-2004-0079
The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched OpenSSL releases per advisories (e.g., CentOS adviso...
CVE-2011-4188
CVE-2011-4188 affects Novell iManager 2.7.4 before patch 4. A buffer overflow in the Create Attribute function of jclient (EnteredAttrName handling) can be triggered by a crafted input, enabling remote authenticated users to cause a denial of service (application crash) and potentially other unsp...
CVE-2004-0081
CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...
CVE-2004-0112
The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...
CVE-2005-1730
CVE-2005-1730 covers multiple vulnerabilities in the OpenSSL ASN.1 parser as used by Novell iManager 2.0.2. The issue allows remote attackers to cause a denial of service via crafted packets, demonstrated by an OpenSSL ASN.1 brute-forcer. The root cause is tied to how the ASN.1 parser handles cra...
CVE-2010-1929
CVE-2010-1929 is a stack-based buffer overflow in Novell iManager's jclient (jclient.dll) within the Tomcat web container, exploitable by remote authenticated users via the EnteredClassID or NewClassName parameters to nps/servlet/webacc. Several connected sources tie this to a broader set of iMan...
CVE-2017-5186
CVE-2017-5186 affects Novell iManager and NetIQ eDirectory (versions listed in the CVE) and is due to the use of the deprecated MD5 hashing algorithm in a communications certificate. The connected SUSE entry reiterates the same affected products and patch level references. The provided sources do...
CVE-2006-4517
CVE-2006-4517 affects Novell iManager 2.5 and 2.0.2, where a crafted HTTP POST containing a very long TREE parameter crashes the Tomcat server due to a NULL pointer dereference, causing a denial of service. The issue is triggered by improper handling of POST data in the iManager Tomcat component....
CVE-2008-3488
CVE-2008-3488 affects Novell iManager prior to 2.7 SP1 (2.7.1). An unspecified remote vulnerability allows an attacker to delete Property Book Pages created with Plug-in Studio. Impact is unauthorized deletion of those pages; exploitation details are not disclosed in the provided documents. Remed...
CVE-2010-1930
Novell iManager
CVE-2013-3268
Novell iManager is affected: versions 2.7 prior to SP6 Patch 1 do not refresh the session token after logout, potentially enabling session-related abuse with remote access. Public references indicate multiple vulnerabilities for iManager
CVE-2017-7432
CVE-2017-7432 affects Novell iManager 2.7.x prior to 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x prior to 3.0.3.1. The connected records confirm a webshell upload vulnerability in these versions. No explicit root cause, exploit details, or impact beyond webshell upload are provided in the documen...
CVE-2013-1088
CVE-2013-1088 describes a CSRF vulnerability in Novell iManager 2.7 before SP6 Patch 1, where improper request validation inside the iManager code deployed in an Apache Tomcat container allows an attacker to hijack the authentication of arbitrary users. Affected component is iManager running on T...
CVE-2009-4486
CVE-2009-4486 involves a stack-based buffer overflow in the Novell iManager eDirectory plugin that handles importing/exporting schema data. The root cause is inadequate validation of user-supplied arguments in a sub-application, allowing remote attackers to trigger a long input path and execute a...
CVE-2017-7430
The CVE-2017-7430 entry covers a persistent XSS vulnerability in the Framework of Novell iManager 2.7.x (before 2.7 SP7 Patch 10 HF1) and NetIQ iManager 3.x (before 3.0.3.1). Root cause: improper handling/injection point in the Framework that allows crafted input to be stored or repeatedly reflec...
CVE-2017-7431
CVE-2017-7431 affects Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1, with a persistent CSRF flaw in object management. Root cause: CSRF in the management interface enabling unauthorized operations. Impact: potential unauthorized changes via authenticated ...