Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
access manager vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-5748
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be used to disclose the content of local files to logged-in users.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
6.5
CVSSv3
CVE-2016-5755
NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
9.8
CVSSv3
CVE-2018-1342
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Netiq Access Manager 4.3
Netiq Access Manager 4.4
6.1
CVSSv3
CVE-2017-5191
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
Netiq Access Manager 4.3
Netiq Access Manager 4.2
NA
CVE-2014-5214
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an en...
Microfocus Access Manager 4.0
Microfocus Access Manager 4.0.1
NA
CVE-2014-5215
NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
Microfocus Access Manager 4.0.1
Microfocus Access Manager 4.0
NA
CVE-2014-5216
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allow remote malicious users to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp...
Microfocus Access Manager 4.0.1
Microfocus Access Manager 4.0
1 EDB exploit
NA
CVE-2014-9412
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x prior to 4.1 allow remote malicious users to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll actio...
Microfocus Access Manager 4.0.1
Microfocus Access Manager 4.0
1 EDB exploit
NA
CVE-2011-4162
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) prior to 6.1.0.1 allow remote malicious users to execute arbitrary code or cause a denial of service (he...
Hp Protecttools Device Access Manager 6.0.0.9
Hp Protecttools Device Access Manager
Hp Protecttools Device Access Manager 6.0.0.10
1 EDB exploit
NA
CVE-2013-5976
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 up to and including 10.2.4 and 11.1.0 up to and including 11.3.0 allows remote malicious users to inject arbitrary web script or HTML via the LastMRH_Session cookie.
F5 Big-ip Access Policy Manager 11.1.0
F5 Big-ip Access Policy Manager 10.1.0
F5 Big-ip Access Policy Manager 11.3.0
F5 Big-ip Access Policy Manager 10.2.4
F5 Big-ip Access Policy Manager 11.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »