Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netiq vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2017-14803
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
Netiq Access Manager 4.3
Netiq Access Manager 4.4
7.5
CVSSv2
CVE-2018-1342
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Netiq Access Manager 4.3
Netiq Access Manager 4.4
4.3
CVSSv2
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2 could be used to trigger XSS and leak authentication credentials.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
4.3
CVSSv2
CVE-2016-5755
NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
7.5
CVSSv2
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
6.8
CVSSv2
CVE-2016-5758
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 prior to 4.1.2 Hot Fix 1 and 4.2 prior to 4.2.2 could be circumvented by repeated uploads causing a high load.
Netiq Access Manager 4.1
Netiq Access Manager 4.2
4.3
CVSSv2
CVE-2017-7438
NetIQ Privileged Account Manager prior to 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.
Netiq Privileged Account Manager 3.1
Netiq Privileged Account Manager
4.3
CVSSv2
CVE-2017-7437
NetIQ Privileged Account Manager prior to 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.
Netiq Privileged Account Manager 3.1
Netiq Privileged Account Manager
6.5
CVSSv2
CVE-2021-22497
Advanced Authentication versions before 6.3 SP4 have a potential broken authentication due to improper session management issue.
Microfocus Netiq Advanced Authentication 6.3
Microfocus Netiq Advanced Authentication
4
CVSSv2
CVE-2021-22515
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions before 6.3 SP4 Patch 1.
Microfocus Netiq Advanced Authentication 6.3
Microfocus Netiq Advanced Authentication
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »