Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netiq access manager vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-14799
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager prior to 4.3.3 could be used to inject javascript code into the login page.
Netiq Access Manager
6.1
CVSSv3
CVE-2017-14800
A reflected cross site scripting attack in the NetIQ Access Manager prior to 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
Netiq Access Manager
6.1
CVSSv3
CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
Netiq Access Manager 4.3
Netiq Access Manager 4.2
6.1
CVSSv3
CVE-2017-5183
NetIQ Access Manager 4.2.2 and 4.3.x prior to 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
Netiq Access Manager 4.3
Netiq Access Manager 4.3.1
Netiq Access Manager 4.2.2
6.1
CVSSv3
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2 could be used to trigger XSS and leak authentication credentials.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
6.1
CVSSv3
CVE-2016-5756
Multiple components of the web tools in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, r...
Netiq Access Manager 4.1
Netiq Access Manager 4.2
5.5
CVSSv3
CVE-2021-22525
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions before 5.0.1
Microfocus Access Manager
5.5
CVSSv3
CVE-2016-5748
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be used to disclose the content of local files to logged-in users.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
5.5
CVSSv3
CVE-2016-5749
NetIQ Access Manager 4.1 prior to 4.1.2 HF 1 and 4.2 prior to 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
5.4
CVSSv3
CVE-2021-22528
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager before 5.0.1 and 4.5.4
Microfocus Access Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »