Netiq Access_manager
24 CVEs affecting Netiq Access_manager. Latest disclosed: 2024-06-11. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-1342 | Critical | 9.8 | 2018-01-26 | A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access… |
| CVE-2017-14803 | Critical | 9.8 | 2018-01-20 | In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE1… |
| CVE-2016-5757 | Critical | 9.8 | 2017-03-23 | iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow… |
| CVE-2016-5758 | High | 8.8 | 2017-03-23 | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated upl… |
| CVE-2016-5750 | High | 8.8 | 2017-03-23 | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would… |
| CVE-2016-5754 | High | 7.5 | 2017-03-23 | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. |
| CVE-2016-5752 | High | 7.5 | 2017-03-23 | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly… |
| CVE-2020-11843 | Medium | 6.5 | 2024-06-11 | This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before |
| CVE-2016-5755 | Medium | 6.5 | 2017-03-23 | NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high enc… |
| CVE-2017-5191 | Medium | 6.1 | 2017-04-24 | An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer heade… |
| CVE-2017-5183 | Medium | 6.1 | 2017-04-20 | NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRe… |
| CVE-2016-5756 | Medium | 6.1 | 2017-03-23 | Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting… |
| CVE-2016-5751 | Medium | 6.1 | 2017-03-23 | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be… |
| CVE-2016-5749 | Medium | 5.5 | 2017-03-23 | NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to… |
| CVE-2016-5748 | Medium | 5.5 | 2017-03-23 | External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be… |
| CVE-2017-9276 | Medium | 5.4 | 2018-03-02 | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using… |
| CVE-2017-14802 | Medium | 5.4 | 2018-03-02 | Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third pa… |
| CVE-2017-14800 | Medium | 5.4 | 2018-03-01 | A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code… |
| CVE-2017-7419 | Medium | 4.6 | 2018-03-02 | A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field tha… |
| CVE-2017-14801 | Medium | 4.6 | 2018-03-02 | Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter. |