Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netiq access manager vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-5183
NetIQ Access Manager 4.2.2 and 4.3.x prior to 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
Netiq Access Manager 4.3
Netiq Access Manager 4.3.1
Netiq Access Manager 4.2.2
9.8
CVSSv3
CVE-2018-1342
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Netiq Access Manager 4.3
Netiq Access Manager 4.4
9.8
CVSSv3
CVE-2017-14803
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
Netiq Access Manager 4.3
Netiq Access Manager 4.4
5.5
CVSSv3
CVE-2016-5748
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be used to disclose the content of local files to logged-in users.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
6.1
CVSSv3
CVE-2016-5756
Multiple components of the web tools in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, r...
Netiq Access Manager 4.1
Netiq Access Manager 4.2
5.5
CVSSv3
CVE-2016-5749
NetIQ Access Manager 4.1 prior to 4.1.2 HF 1 and 4.2 prior to 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
6.1
CVSSv3
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2 could be used to trigger XSS and leak authentication credentials.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
7.5
CVSSv3
CVE-2016-5754
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 before SP2.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
9.8
CVSSv3
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
8.8
CVSSv3
CVE-2016-5758
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be circumvented by repeated uploads causing a high load.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »