Search criteria
48 vulnerabilities found for access_manager by microfocus
FKIE_CVE-2021-22531
Vulnerability from fkie_nvd - Published: 2022-05-12 19:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 4.5 | |
| microfocus | access_manager | 5.0 | |
| microfocus | access_manager | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F8E97E1C-2026-4FC1-8DDE-EC0BFB043048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "5438260E-68B8-4139-BA41-1FDBD2AFA633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "71F2BB55-B83E-40A7-9D0F-66DC2737C02A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp1_hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "18C50F58-7AB2-48BC-8575-439F3F435261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp1_hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "A6EA171E-57CD-4537-985C-E4F088079F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "2C0301E3-240B-40E6-86CC-DF2D5FBF9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp2_hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "C2A5335F-63DD-4521-A2D8-8523F1C32C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp2_hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "DE115264-03EC-42B4-B0AB-CC9F4DBD3618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1F7074C1-8377-490A-86B0-5D7291017412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp3_hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "C4692C49-419C-440A-B418-92BA7ACCBC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp3_patch3:*:*:*:*:*:*",
"matchCriteriaId": "FA7ECB22-DF54-40CA-B129-20BEEAC58226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "516FEB2A-09BE-4099-99C5-BCCC2EB33C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "D03D5653-F0B9-48BC-ACA4-910E80275DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "24EE84C8-36FC-4D39-91AF-277021E82B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "08E6E8DF-5652-4CE6-BF88-BFFF98B71FFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
},
{
"lang": "es",
"value": "Se presenta un bug en el par\u00e1metro input de Access Manager que permite a el suministro de caracteres no v\u00e1lidos desencadenar una vulnerabilidad de tipo cross-site scripting. Esto afecta a NetIQ Access Manager versiones 4.5 y 5.0"
}
],
"id": "CVE-2021-22531",
"lastModified": "2024-11-21T05:50:17.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T19:15:48.020",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22527
Vulnerability from fkie_nvd - Published: 2021-09-13 12:15 - Updated: 2024-11-21 05:50
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * | |
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81DCE6-EC3E-4910-90FB-19CCFAA53D54",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F42B44F-A741-4ED3-8D46-6D1B6DAA0201",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
},
{
"lang": "es",
"value": "Una vulnerabilidad de filtrado de informaci\u00f3n en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4"
}
],
"id": "CVE-2021-22527",
"lastModified": "2024-11-21T05:50:17.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T12:15:10.073",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
},
{
"source": "security@opentext.com",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22528
Vulnerability from fkie_nvd - Published: 2021-09-13 12:15 - Updated: 2024-11-21 05:50
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * | |
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81DCE6-EC3E-4910-90FB-19CCFAA53D54",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F42B44F-A741-4ED3-8D46-6D1B6DAA0201",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4"
}
],
"id": "CVE-2021-22528",
"lastModified": "2024-11-21T05:50:17.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T12:15:10.413",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"source": "security@opentext.com",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22526
Vulnerability from fkie_nvd - Published: 2021-09-13 12:15 - Updated: 2024-11-21 05:50
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * | |
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81DCE6-EC3E-4910-90FB-19CCFAA53D54",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F42B44F-A741-4ED3-8D46-6D1B6DAA0201",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Redirecci\u00f3n Abierta en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4"
}
],
"id": "CVE-2021-22526",
"lastModified": "2024-11-21T05:50:16.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.7,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T12:15:09.797",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
},
{
"source": "security@opentext.com",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22524
Vulnerability from fkie_nvd - Published: 2021-09-13 12:15 - Updated: 2024-11-21 05:50
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * | |
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED81DCE6-EC3E-4910-90FB-19CCFAA53D54",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F42B44F-A741-4ED3-8D46-6D1B6DAA0201",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
},
{
"lang": "es",
"value": "Un ataque de inyecci\u00f3n caus\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4"
}
],
"id": "CVE-2021-22524",
"lastModified": "2024-11-21T05:50:16.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 4.0,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T12:15:08.790",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
},
{
"source": "security@opentext.com",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22525
Vulnerability from fkie_nvd - Published: 2021-09-02 17:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94EBCD49-CCE3-413F-85BB-5A48B47F290B",
"versionEndExcluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1"
},
{
"lang": "es",
"value": "Esta versi\u00f3n soluciona una posible vulnerabilidad de filtrado de informaci\u00f3n en NetIQ Access Manager versiones anteriores a 5.0.1"
}
],
"id": "CVE-2021-22525",
"lastModified": "2024-11-21T05:50:16.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-02T17:15:08.007",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-25840
Vulnerability from fkie_nvd - Published: 2021-03-26 14:15 - Updated: 2024-11-21 05:18
Severity ?
Summary
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A53E36-0652-4D66-B500-588777280039",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0.\u0026#xa0;La vulnerabilidad podr\u00eda causar una destrucci\u00f3n de la configuraci\u00f3n."
}
],
"id": "CVE-2020-25840",
"lastModified": "2024-11-21T05:18:52.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-26T14:15:11.903",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22506
Vulnerability from fkie_nvd - Published: 2021-03-26 14:15 - Updated: 2025-10-27 16:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Micro Focus Access Manager Information Leakage Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A53E36-0652-4D66-B500-588777280039",
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage."
},
{
"lang": "es",
"value": "Una configuraci\u00f3n avanzada que expone una vulnerabilidad de Filtrado de Informaci\u00f3n en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0.\u0026#xa0;La vulnerabilidad podr\u00eda causar un filtrado de informaci\u00f3n."
}
],
"id": "CVE-2021-22506",
"lastModified": "2025-10-27T16:58:39.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-03-26T14:15:11.967",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Release Notes"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22496
Vulnerability from fkie_nvd - Published: 2021-03-25 16:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB19642C-21FB-481C-B098-981057EF1A3E",
"versionEndExcluding": "4.5.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en Micro Focus Access Manager Product afecta a todas las versiones anteriores a 4.5.3.3.\u0026#xa0;La vulnerabilidad podr\u00eda causar una filtraci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2021-22496",
"lastModified": "2024-11-21T05:50:13.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T16:15:13.977",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-17948
Vulnerability from fkie_nvd - Published: 2018-11-20 18:29 - Updated: 2024-11-21 03:55
Severity ?
Summary
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | access_manager | * | |
| microfocus | access_manager | 4.4 | |
| microfocus | access_manager | 4.4 | |
| microfocus | access_manager | 4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFDD02E8-77CC-4EDF-B27C-69ADC12EEA31",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "EEF60190-4463-4755-9486-4984B088D280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5FAEBC8E-0639-44AA-BD99-1AF39C95868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:access_manager:4.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "20E15006-D35D-471F-9F36-DD06C19DAEB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redirecci\u00f3n abierta en Access Manager Identity Provider en versiones anteriores a la 4.4 SP3."
}
],
"id": "CVE-2018-17948",
"lastModified": "2024-11-21T03:55:15.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-20T18:29:00.277",
"references": [
{
"source": "security@opentext.com",
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-22531 (GCVE-0-2021-22531)
Vulnerability from cvelistv5 – Published: 2022-05-12 18:52 – Updated: 2024-08-03 18:44
VLAI?
Summary
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Access Manager |
Affected:
4.5, 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5, 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T18:52:38",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"version_value": "4.5, 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22531",
"datePublished": "2022-05-12T18:52:38",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22526 (GCVE-0-2021-22526)
Vulnerability from cvelistv5 – Published: 2021-09-13 12:00 – Updated: 2024-09-16 18:43
VLAI?
Title
Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
4.9 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T12:00:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22526",
"STATE": "PUBLIC",
"TITLE": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025257",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22526",
"datePublished": "2021-09-13T12:00:50.890830Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T18:43:47.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22524 (GCVE-0-2021-22524)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:58 – Updated: 2024-09-17 01:35
VLAI?
Title
Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
5.4 (Medium)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to Sipke Mellema for responsibly disclosing this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:58:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22524",
"STATE": "PUBLIC",
"TITLE": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91 XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025256",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22524",
"datePublished": "2021-09-13T11:58:31.576666Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:35:57.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22527 (GCVE-0-2021-22527)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:56 – Updated: 2024-09-16 23:30
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
6 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:56:22",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22527",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025258",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22527",
"datePublished": "2021-09-13T11:56:22.591599Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T23:30:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22528 (GCVE-0-2021-22528)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:42 – Updated: 2024-09-17 02:21
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:42:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22528",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025259",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22528",
"datePublished": "2021-09-13T11:42:07.116392Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T02:21:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22525 (GCVE-0-2021-22525)
Vulnerability from cvelistv5 – Published: 2021-09-02 16:56 – Updated: 2024-08-03 18:44
VLAI?
Summary
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
Severity ?
No CVSS data available.
CWE
- information leakage vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Access Manager versions prior to 5.0.1 |
Affected:
NetIQ Access Manager versions prior to 5.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager versions prior to 5.0.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NetIQ Access Manager versions prior to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T16:56:41",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager versions prior to 5.0.1",
"version": {
"version_data": [
{
"version_value": "NetIQ Access Manager versions prior to 5.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025254",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22525",
"datePublished": "2021-09-02T16:56:41",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25840 (GCVE-0-2020-25840)
Vulnerability from cvelistv5 – Published: 2021-03-26 13:41 – Updated: 2024-08-04 15:40
VLAI?
Summary
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
Severity ?
No CVSS data available.
CWE
- Cross-Site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Access Manager. |
Affected:
All version prior version 5.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior version 5.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T13:41:51",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager.",
"version": {
"version_data": [
{
"version_value": "All version prior version 5.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25840",
"datePublished": "2021-03-26T13:41:51",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22506 (GCVE-0-2021-22506)
Vulnerability from cvelistv5 – Published: 2021-03-26 13:37 – Updated: 2025-10-21 23:25
VLAI?
Summary
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
Severity ?
7.5 (High)
CWE
- Information Leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Access Manager. |
Affected:
All version prior version 5.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22506",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T20:51:43.024883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:51.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-22506 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Access Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior version 5.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T13:37:22.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager.",
"version": {
"version_data": [
{
"version_value": "All version prior version 5.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22506",
"datePublished": "2021-03-26T13:37:22.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:51.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22496 (GCVE-0-2021-22496)
Vulnerability from cvelistv5 – Published: 2021-03-25 15:56 – Updated: 2024-08-03 18:44
VLAI?
Summary
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Access Manager |
Affected:
Access Manager versions prior to 4.5.3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access Manager versions prior to 4.5.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-25T15:56:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "Access Manager versions prior to 4.5.3.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22496",
"datePublished": "2021-03-25T15:56:32",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17948 (GCVE-0-2018-17948)
Vulnerability from cvelistv5 – Published: 2018-11-20 18:00 – Updated: 2024-09-16 18:13
VLAI?
Summary
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Access Manager | Access Manager |
Affected:
Versions prior to 4.4 SP3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "Access Manager",
"versions": [
{
"status": "affected",
"version": "Versions prior to 4.4 SP3"
}
]
}
],
"datePublic": "2018-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-11-17T00:00:00",
"ID": "CVE-2018-17948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "Versions prior to 4.4 SP3"
}
]
}
}
]
},
"vendor_name": "Access Manager"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7023530",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17948",
"datePublished": "2018-11-20T18:00:00Z",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-09-16T18:13:03.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22531 (GCVE-0-2021-22531)
Vulnerability from nvd – Published: 2022-05-12 18:52 – Updated: 2024-08-03 18:44
VLAI?
Summary
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Access Manager |
Affected:
4.5, 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5, 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T18:52:38",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"version_value": "4.5, 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22531",
"datePublished": "2022-05-12T18:52:38",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22526 (GCVE-0-2021-22526)
Vulnerability from nvd – Published: 2021-09-13 12:00 – Updated: 2024-09-16 18:43
VLAI?
Title
Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
4.9 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T12:00:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22526",
"STATE": "PUBLIC",
"TITLE": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025257",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22526",
"datePublished": "2021-09-13T12:00:50.890830Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T18:43:47.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22524 (GCVE-0-2021-22524)
Vulnerability from nvd – Published: 2021-09-13 11:58 – Updated: 2024-09-17 01:35
VLAI?
Title
Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
5.4 (Medium)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to Sipke Mellema for responsibly disclosing this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:58:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22524",
"STATE": "PUBLIC",
"TITLE": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91 XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025256",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22524",
"datePublished": "2021-09-13T11:58:31.576666Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:35:57.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22527 (GCVE-0-2021-22527)
Vulnerability from nvd – Published: 2021-09-13 11:56 – Updated: 2024-09-16 23:30
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
6 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:56:22",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22527",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025258",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22527",
"datePublished": "2021-09-13T11:56:22.591599Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T23:30:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22528 (GCVE-0-2021-22528)
Vulnerability from nvd – Published: 2021-09-13 11:42 – Updated: 2024-09-17 02:21
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:42:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22528",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025259",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22528",
"datePublished": "2021-09-13T11:42:07.116392Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T02:21:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22525 (GCVE-0-2021-22525)
Vulnerability from nvd – Published: 2021-09-02 16:56 – Updated: 2024-08-03 18:44
VLAI?
Summary
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
Severity ?
No CVSS data available.
CWE
- information leakage vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Access Manager versions prior to 5.0.1 |
Affected:
NetIQ Access Manager versions prior to 5.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager versions prior to 5.0.1",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NetIQ Access Manager versions prior to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T16:56:41",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager versions prior to 5.0.1",
"version": {
"version_data": [
{
"version_value": "NetIQ Access Manager versions prior to 5.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025254",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7025254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22525",
"datePublished": "2021-09-02T16:56:41",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25840 (GCVE-0-2020-25840)
Vulnerability from nvd – Published: 2021-03-26 13:41 – Updated: 2024-08-04 15:40
VLAI?
Summary
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
Severity ?
No CVSS data available.
CWE
- Cross-Site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Access Manager. |
Affected:
All version prior version 5.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior version 5.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T13:41:51",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager.",
"version": {
"version_data": [
{
"version_value": "All version prior version 5.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25840",
"datePublished": "2021-03-26T13:41:51",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22506 (GCVE-0-2021-22506)
Vulnerability from nvd – Published: 2021-03-26 13:37 – Updated: 2025-10-21 23:25
VLAI?
Summary
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
Severity ?
7.5 (High)
CWE
- Information Leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Access Manager. |
Affected:
All version prior version 5.0.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-22506",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T20:51:43.024883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:51.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22506"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-22506 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Access Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior version 5.0."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T13:37:22.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager.",
"version": {
"version_data": [
{
"version_value": "All version prior version 5.0."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22506",
"datePublished": "2021-03-26T13:37:22.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:51.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22496 (GCVE-0-2021-22496)
Vulnerability from nvd – Published: 2021-03-25 15:56 – Updated: 2024-08-03 18:44
VLAI?
Summary
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Access Manager |
Affected:
Access Manager versions prior to 4.5.3.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Access Manager versions prior to 4.5.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-25T15:56:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "Access Manager versions prior to 4.5.3.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22496",
"datePublished": "2021-03-25T15:56:32",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17948 (GCVE-0-2018-17948)
Vulnerability from nvd – Published: 2018-11-20 18:00 – Updated: 2024-09-16 18:13
VLAI?
Summary
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
Severity ?
No CVSS data available.
CWE
- Open Redirect
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Access Manager | Access Manager |
Affected:
Versions prior to 4.4 SP3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "Access Manager",
"versions": [
{
"status": "affected",
"version": "Versions prior to 4.4 SP3"
}
]
}
],
"datePublic": "2018-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-11-17T00:00:00",
"ID": "CVE-2018-17948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "Versions prior to 4.4 SP3"
}
]
}
}
]
},
"vendor_name": "Access Manager"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7023530",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7023530"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17948",
"datePublished": "2018-11-20T18:00:00Z",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-09-16T18:13:03.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}