Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netiq vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-1350
The NetIQ Identity Manager driver log file, in versions before 4.7, provides details that could aid in system enumeration.
Netiq Identity Manager
6.1
CVSSv3
CVE-2015-0787
XSS in NetIQ Designer for Identity Manager prior to 4.5.3 allows remote malicious users to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
Netiq Identity Manager
6.1
CVSSv3
CVE-2017-14799
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager prior to 4.3.3 could be used to inject javascript code into the login page.
Netiq Access Manager
6.1
CVSSv3
CVE-2017-14800
A reflected cross site scripting attack in the NetIQ Access Manager prior to 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
Netiq Access Manager
6.1
CVSSv3
CVE-2017-14802
Novell Access Manager Admin Console and IDP servers prior to 4.3.3 have a URL that could be used by remote malicious users to trigger unvalidated redirects to third party sites.
Netiq Access Manager
6.1
CVSSv3
CVE-2016-1592
XSS in NetIQ Designer for Identity Manager prior to 4.5.3 allows remote malicious users to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
Netiq Identity Manager
6.1
CVSSv3
CVE-2017-7419
A OAuth application in NetIQ Access Manager 4.3 prior to 4.3.2 and 4.2 prior to 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Netiq Access Manager
9.1
CVSSv3
CVE-2017-7426
The NetIQ Identity Manager Plugins prior to 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by malicious users to leak information or cause denial of service attacks.
Netiq Identity Manager
6.1
CVSSv3
CVE-2017-7427
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the...
Netiq Identity Manager
9.8
CVSSv3
CVE-2017-7434
In the JDBC driver of NetIQ Identity Manager prior to 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
Netiq Identity Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »