Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

access manager vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2016-5754
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 before SP2.
Netiq Access Manager 4.1Netiq Access Manager 4.2
4.3
CVSSv2
CVE-2016-5755
NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
Netiq Access Manager 4.1Netiq Access Manager 4.2
7.5
CVSSv2
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.
Netiq Access Manager 4.1Netiq Access Manager 4.2
6.8
CVSSv2
CVE-2016-5758
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be circumvented by repeated uploads causing a high load.
Netiq Access Manager 4.1Netiq Access Manager 4.2
3.5
CVSSv2
CVE-2018-7678
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
Netiq Access Manager 4.3Netiq Access Manager 4.4
4.3
CVSSv2
CVE-2020-2745
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise ...
Oracle Access Manager 11.1.2.3.0Oracle Access Manager 12.2.1.3.0
4.3
CVSSv2
CVE-2014-9412
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x prior to 4.1 allow remote malicious users to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll actio...
Microfocus Access Manager 4.0.1Microfocus Access Manager 4.0
7.5
CVSSv2
CVE-2011-4162
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) prior to 6.1.0.1 allow remote malicious users to execute arbitrary code or cause a denial of service (he...
Hp Protecttools Device Access Manager 6.0.0.9Hp Protecttools Device Access ManagerHp Protecttools Device Access Manager 6.0.0.10
5
CVSSv2
CVE-2015-5010
IBM Security Access Manager for Web 7.0 prior to 7.0.0 IF21, 8.0 prior to 8.0.1.3 IF4, and 9.0 prior to 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote malicious users to obtain access via a brute-force attack.
Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.9Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.8Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.7Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.6Ibm Security Access Manager For Web 8.0 Firmware 8.0.1.2Ibm Security Access Manager For Web 8.0 Firmware 8.0.1.0Ibm Security Access Manager For Web 8.0 Firmware 8.0.1Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.5Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.18Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.19Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.20Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.12Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.15Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.13Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.5Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.3Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.17Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.11Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.1Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.2Ibm Security Access Manager 9.0 Firmware 9.0.0Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.16
4.3
CVSSv2
CVE-2013-5976
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 up to and including 10.2.4 and 11.1.0 up to and including 11.3.0 allows remote malicious users to inject arbitrary web script or HTML via the LastMRH_Session cookie.
F5 Big-ip Access Policy Manager 11.1.0F5 Big-ip Access Policy Manager 10.1.0F5 Big-ip Access Policy Manager 11.3.0F5 Big-ip Access Policy Manager 10.2.4F5 Big-ip Access Policy Manager 11.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook