Search criteria
72 vulnerabilities found for access_manager by netiq
FKIE_CVE-2020-11843
Vulnerability from fkie_nvd - Published: 2024-06-11 08:15 - Updated: 2024-11-21 04:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * | |
| netiq | access_manager | 4.4 | |
| netiq | access_manager | 4.4 | |
| netiq | access_manager | 4.4 | |
| netiq | access_manager | 4.4 | |
| netiq | access_manager | 4.4 | |
| netiq | access_manager | 4.4 | |
| netiq | access_manager | 4.5 | |
| netiq | access_manager | 4.5 | |
| netiq | access_manager | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D261206-80B6-4E59-8060-1578F5B3B9F8",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:-:*:*:*:*:*:*",
"matchCriteriaId": "9A366449-0183-4C9B-A5B3-33ED6A957D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:hotfix1:*:*:*:*:*:*",
"matchCriteriaId": "EE571DD4-8E40-4AED-A888-768E35B3CDED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DB595187-8045-4E5B-9C0C-074BC42688E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:sp2:*:*:*:*:*:*",
"matchCriteriaId": "67EDAB59-ABBA-480C-834A-49BA629D9B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F4208CD4-0070-4964-BDCD-6709A3D671D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:sp4:*:*:*:*:*:*",
"matchCriteriaId": "5F092547-50EE-4B84-A9E8-270E62AADEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.5:-:*:*:*:*:*:*",
"matchCriteriaId": "7BBC7CD4-D6DC-4A4B-8E45-39A352D3B743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "434E0D6D-2777-4611-9A65-2CE0B77559DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "6BE80700-C124-4A37-B5EE-3DB87F8365CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
},
{
"lang": "es",
"value": "Esto permite la exposici\u00f3n de la informaci\u00f3n a usuarios no autorizados. Este problema afecta a NetIQ Access Manager con la versi\u00f3n 4.5 o anterior"
}
],
"id": "CVE-2020-11843",
"lastModified": "2024-11-21T04:58:44.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-11T08:15:48.213",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Release Notes"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
},
{
"source": "security@opentext.com",
"tags": [
"Release Notes"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7678
Vulnerability from fkie_nvd - Published: 2018-03-14 15:29 - Updated: 2024-11-21 04:12
Severity ?
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | 4.3 | |
| netiq | access_manager | 4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "51430A7A-F79D-445D-ABF8-A8B4ADE98FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36A890D3-618E-4060-9349-36BA7F7B4240",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) en la consola de administraci\u00f3n en NetIQ Access Manager (NAM) , versiones 4.3 y 4.4."
}
],
"id": "CVE-2018-7678",
"lastModified": "2024-11-21T04:12:31.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T15:29:00.257",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/103421"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/103421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7677
Vulnerability from fkie_nvd - Published: 2018-03-14 15:29 - Updated: 2024-11-21 04:12
Severity ?
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | 4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36A890D3-618E-4060-9349-36BA7F7B4240",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
},
{
"lang": "es",
"value": "Existe exposici\u00f3n CSRF en NetIQ Access Manager (NAM) 4.4, en el componente Identity Server."
}
],
"id": "CVE-2018-7677",
"lastModified": "2024-11-21T04:12:31.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-14T15:29:00.210",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/103420"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/103420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14802
Vulnerability from fkie_nvd - Published: 2018-03-02 20:29 - Updated: 2024-11-21 03:13
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8EA971-4151-4119-B5DE-5BE07011A373",
"versionEndIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
},
{
"lang": "es",
"value": "Los servidores Novell Access Manager Admin Console y IDP en versiones anteriores a la 4.3.3 tienen una URL que podr\u00eda ser empleada por atacantes remotos para desencadenar redirecciones sin validar a sitios de terceros."
}
],
"id": "CVE-2017-14802",
"lastModified": "2024-11-21T03:13:32.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:00.317",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14801
Vulnerability from fkie_nvd - Published: 2018-03-02 20:29 - Updated: 2024-11-21 03:13
Severity ?
4.6 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C10FC0FE-724E-4E73-97C8-AE22C9F3AB3C",
"versionEndExcluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, permit\u00eda que atacantes reflejasen XSS en la p\u00e1gina llamada empleando el par\u00e1metro url."
}
],
"id": "CVE-2017-14801",
"lastModified": "2024-11-21T03:13:31.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:00.270",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-7419
Vulnerability from fkie_nvd - Published: 2018-03-02 20:29 - Updated: 2024-11-21 03:31
Severity ?
4.6 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * | |
| netiq | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB6A29-C463-45BF-9127-22F51AB538DB",
"versionEndExcluding": "4.2.4",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F301AAF-EB18-4E7E-B266-5A30710A5A92",
"versionEndExcluding": "4.3.2",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
},
{
"lang": "es",
"value": "Una aplicaci\u00f3n OAuth en NetIQ Access Manager, en versiones 4.3 anteriores a la 4.3.2 y versiones 4.2 anteriores a la 4.2.4, permit\u00eda ataques de Cross-Site Scripting (XSS) debido a un campo \"description\" sin escapar que podr\u00eda especificar el proveedor."
}
],
"id": "CVE-2017-7419",
"lastModified": "2024-11-21T03:31:51.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:00.427",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9276
Vulnerability from fkie_nvd - Published: 2018-03-02 20:29 - Updated: 2024-11-21 03:35
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C10FC0FE-724E-4E73-97C8-AE22C9F3AB3C",
"versionEndExcluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
},
{
"lang": "es",
"value": "Novell Access Manager iManager, en versiones anteriores a la 4.3.3, no validaba par\u00e1metros, por lo que el contenido de Cross-Site Scripting (XSS) pod\u00eda reflejarse de nuevo en la p\u00e1gina de resultados mediante un par\u00e1metro \"a\"."
}
],
"id": "CVE-2017-9276",
"lastModified": "2024-11-21T03:35:44.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:00.723",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14799
Vulnerability from fkie_nvd - Published: 2018-03-01 20:29 - Updated: 2024-11-21 03:13
Severity ?
4.6 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C10FC0FE-724E-4E73-97C8-AE22C9F3AB3C",
"versionEndExcluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
},
{
"lang": "es",
"value": "Un ataque de Cross-Site Scripting (XSS) en la gesti\u00f3n del par\u00e1metro ESP login en NetIQ Access Manager, en versiones anteriores a la 4.3.3, podr\u00eda emplearse para inyectar c\u00f3digo JavaScript en la p\u00e1gina de inicio de sesi\u00f3n."
}
],
"id": "CVE-2017-14799",
"lastModified": "2024-11-21T03:13:31.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T20:29:00.303",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14800
Vulnerability from fkie_nvd - Published: 2018-03-01 20:29 - Updated: 2024-11-21 03:13
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C10FC0FE-724E-4E73-97C8-AE22C9F3AB3C",
"versionEndExcluding": "4.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
},
{
"lang": "es",
"value": "Un ataque de Cross-Site Scripting (XSS) reflejado en NetIQ Access Manager, en versiones anteriores a la 4.3.3, al emplear el par\u00e1metro \"typecontainerid\" del editor de pol\u00edticas, podr\u00eda permitir la inyecci\u00f3n de c\u00f3digo en p\u00e1ginas de usuarios autenticados."
}
],
"id": "CVE-2017-14800",
"lastModified": "2024-11-21T03:13:31.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T20:29:00.367",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1342
Vulnerability from fkie_nvd - Published: 2018-01-26 02:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netiq | access_manager | 4.3 | |
| netiq | access_manager | 4.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "51430A7A-F79D-445D-ABF8-A8B4ADE98FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:access_manager:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "36A890D3-618E-4060-9349-36BA7F7B4240",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en Admin Console en la que un atacante puede subir archivos en el servidor de Admin Console y ejecutarlos. Esto provoca un impacto en las versiones 4.3 y 4.4 de NetIQ Access Manager, as\u00ed como la consola de administraci\u00f3n."
}
],
"id": "CVE-2018-1342",
"lastModified": "2024-11-21T03:59:39.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-26T02:29:03.940",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-11843 (GCVE-0-2020-11843)
Vulnerability from cvelistv5 – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
VLAI?
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
4.5 , < <
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:48:24.994478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:48:33.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
}
],
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T07:23:38.502Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential information leakage in administrator enabled debug mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11843",
"datePublished": "2024-06-11T07:23:38.502Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7678 (GCVE-0-2018-7678)
Vulnerability from cvelistv5 – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
VLAI?
Summary
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
Severity ?
CWE
- XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | NetIQ Access Manager (NAM) Admin Console |
Affected:
Access Manager 4.4
Affected: Access Manager 4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"name": "103421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager (NAM) Admin Console",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Access Manager 4.4"
},
{
"status": "affected",
"version": "Access Manager 4.3"
}
]
}
],
"datePublic": "2018-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"name": "103421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103421"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
"defect": [
"XSS",
"vulnerability"
],
"discovery": "INTERNAL"
},
"title": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component",
"workarounds": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7678",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager (NAM) Admin Console",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "Access Manager",
"version_value": "4.4"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "Access Manager",
"version_value": "4.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7022724",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"name": "103421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103421"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
"defect": [
"XSS",
"vulnerability"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7678",
"datePublished": "2018-03-14T15:00:00",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-08-05T06:31:05.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7677 (GCVE-0-2018-7677)
Vulnerability from cvelistv5 – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
VLAI?
Summary
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
Severity ?
CWE
- CSRF
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | NetIQ Access Manager (NAM) Admin Console |
Affected:
Access Manager 4.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"name": "103420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager (NAM) Admin Console",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Access Manager 4.4"
}
]
}
],
"datePublic": "2018-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"name": "103420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103420"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
"defect": [
"CSRF"
],
"discovery": "INTERNAL"
},
"title": "CSRF in NetIQ Access Manager (NAM) Identity Server component",
"workarounds": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7677",
"STATE": "PUBLIC",
"TITLE": "CSRF in NetIQ Access Manager (NAM) Identity Server component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager (NAM) Admin Console",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "Access Manager",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7022725",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"name": "103420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103420"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
"defect": [
"CSRF"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7677",
"datePublished": "2018-03-14T15:00:00",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-08-05T06:31:05.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14802 (GCVE-0-2017-14802)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 02:41
VLAI?
Summary
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
Severity ?
5.4 (Medium)
CWE
- redirect to untrusted sites
- CWE-601
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "redirect to untrusted sites",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:26",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
],
"source": {
"advisory": "7022360",
"discovery": "EXTERNAL"
},
"title": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14802",
"STATE": "PUBLIC",
"TITLE": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "redirect to untrusted sites"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022360",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
]
},
"source": {
"advisory": "7022360",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14802",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-17T02:41:52.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9276 (GCVE-0-2017-9276)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:48
VLAI?
Summary
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
Severity ?
5.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
unspecified , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:33",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
],
"source": {
"advisory": "7022359",
"defect": [
"1044115"
],
"discovery": "EXTERNAL"
},
"title": "XSS Vulnerability in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-9276",
"STATE": "PUBLIC",
"TITLE": "XSS Vulnerability in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022359",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
]
},
"source": {
"advisory": "7022359",
"defect": [
"1044115"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9276",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-17T03:48:57.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7419 (GCVE-0-2017-7419)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 17:29
VLAI?
Summary
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Severity ?
4.6 (Medium)
CWE
- cross site scripting attack
- CWE-79
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.2
(custom)
Affected: 4.2 , < 4.2.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.2",
"status": "affected",
"version": "4.3",
"versionType": "custom"
},
{
"lessThan": "4.2.4",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross site scripting attack",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
],
"source": {
"advisory": "7019893",
"defect": [
"1031853"
],
"discovery": "INTERNAL"
},
"title": "NetIQ Access Manager OAuth Consent screen XSS attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-06-09T00:00:00.000Z",
"ID": "CVE-2017-7419",
"STATE": "PUBLIC",
"TITLE": "NetIQ Access Manager OAuth Consent screen XSS attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.2"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross site scripting attack"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1031853",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7019893",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
]
},
"source": {
"advisory": "7019893",
"defect": [
"1031853"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7419",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-09-16T17:29:02.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14801 (GCVE-0-2017-14801)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:03
VLAI?
Summary
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
Severity ?
4.6 (Medium)
CWE
- Reflected cross site scripting
- CWE-79
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross site scripting",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:26",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
],
"source": {
"advisory": "7022357",
"discovery": "UNKNOWN"
},
"title": "Reflected xss in Admin Console REST interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14801",
"STATE": "PUBLIC",
"TITLE": "Reflected xss in Admin Console REST interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross site scripting"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022357",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
]
},
"source": {
"advisory": "7022357",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14801",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-17T03:03:50.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14800 (GCVE-0-2017-14800)
Vulnerability from cvelistv5 – Published: 2018-03-01 19:00 – Updated: 2024-09-16 20:31
VLAI?
Summary
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
Severity ?
5.4 (Medium)
CWE
- reflected cross site scripting attack
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:40.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected cross site scripting attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:51",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
],
"source": {
"advisory": "7022356",
"discovery": "UNKNOWN"
},
"title": "Reflected xss on Access Manager iManager UI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14800",
"STATE": "PUBLIC",
"TITLE": "Reflected xss on Access Manager iManager UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site scripting attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022356",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
]
},
"source": {
"advisory": "7022356",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14800",
"datePublished": "2018-03-01T19:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-16T20:31:45.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14799 (GCVE-0-2017-14799)
Vulnerability from cvelistv5 – Published: 2018-03-01 19:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
Severity ?
4.6 (Medium)
CWE
- cross site scripting attack in the login parameter handling due to incorrect quoting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:40.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross site scripting attack in the login parameter handling due to incorrect quoting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
],
"source": {
"advisory": "7022358",
"discovery": "EXTERNAL"
},
"title": "XSS Vulnerability with ESP URL",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14799",
"STATE": "PUBLIC",
"TITLE": "XSS Vulnerability with ESP URL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross site scripting attack in the login parameter handling due to incorrect quoting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022358",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
]
},
"source": {
"advisory": "7022358",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14799",
"datePublished": "2018-03-01T19:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-16T17:23:57.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1342 (GCVE-0-2018-1342)
Vulnerability from cvelistv5 – Published: 2018-01-26 02:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload to the Admin Console server
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager, Administrative Console |
Affected:
4.3
Affected: 4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager, Administrative Console",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload to the Admin Console server",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-12-08T00:00:00",
"ID": "CVE-2018-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager, Administrative Console",
"version": {
"version_data": [
{
"version_value": "4.3"
},
{
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload to the Admin Console server"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022444",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1342",
"datePublished": "2018-01-26T02:00:00Z",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-09-16T16:43:19.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11843 (GCVE-0-2020-11843)
Vulnerability from nvd – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
VLAI?
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
4.5 , < <
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:48:24.994478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:48:33.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
}
],
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T07:23:38.502Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential information leakage in administrator enabled debug mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11843",
"datePublished": "2024-06-11T07:23:38.502Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7678 (GCVE-0-2018-7678)
Vulnerability from nvd – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
VLAI?
Summary
A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
Severity ?
CWE
- XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | NetIQ Access Manager (NAM) Admin Console |
Affected:
Access Manager 4.4
Affected: Access Manager 4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"name": "103421",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103421"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager (NAM) Admin Console",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Access Manager 4.4"
},
{
"status": "affected",
"version": "Access Manager 4.3"
}
]
}
],
"datePublic": "2018-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"name": "103421",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103421"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
"defect": [
"XSS",
"vulnerability"
],
"discovery": "INTERNAL"
},
"title": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component",
"workarounds": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7678",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager (NAM) Admin Console",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "Access Manager",
"version_value": "4.4"
},
{
"affected": "=",
"version_affected": "=",
"version_name": "Access Manager",
"version_value": "4.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7022724",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
},
{
"name": "103421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103421"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
"defect": [
"XSS",
"vulnerability"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7678",
"datePublished": "2018-03-14T15:00:00",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-08-05T06:31:05.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7677 (GCVE-0-2018-7677)
Vulnerability from nvd – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
VLAI?
Summary
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
Severity ?
CWE
- CSRF
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | NetIQ Access Manager (NAM) Admin Console |
Affected:
Access Manager 4.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"name": "103420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager (NAM) Admin Console",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Access Manager 4.4"
}
]
}
],
"datePublic": "2018-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"name": "103420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103420"
}
],
"solutions": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
"defect": [
"CSRF"
],
"discovery": "INTERNAL"
},
"title": "CSRF in NetIQ Access Manager (NAM) Identity Server component",
"workarounds": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7677",
"STATE": "PUBLIC",
"TITLE": "CSRF in NetIQ Access Manager (NAM) Identity Server component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager (NAM) Admin Console",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "Access Manager",
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7022725",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
},
{
"name": "103420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103420"
}
]
},
"solution": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
],
"source": {
"advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
"defect": [
"CSRF"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Apply 4.4 SP1."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7677",
"datePublished": "2018-03-14T15:00:00",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-08-05T06:31:05.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14802 (GCVE-0-2017-14802)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 02:41
VLAI?
Summary
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
Severity ?
5.4 (Medium)
CWE
- redirect to untrusted sites
- CWE-601
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "redirect to untrusted sites",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:26",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
],
"source": {
"advisory": "7022360",
"discovery": "EXTERNAL"
},
"title": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14802",
"STATE": "PUBLIC",
"TITLE": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "redirect to untrusted sites"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022360",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022360"
}
]
},
"source": {
"advisory": "7022360",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14802",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-17T02:41:52.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9276 (GCVE-0-2017-9276)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:48
VLAI?
Summary
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
Severity ?
5.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
unspecified , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:33",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
],
"source": {
"advisory": "7022359",
"defect": [
"1044115"
],
"discovery": "EXTERNAL"
},
"title": "XSS Vulnerability in iManager",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-9276",
"STATE": "PUBLIC",
"TITLE": "XSS Vulnerability in iManager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022359",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022359"
}
]
},
"source": {
"advisory": "7022359",
"defect": [
"1044115"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9276",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-17T03:48:57.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7419 (GCVE-0-2017-7419)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 17:29
VLAI?
Summary
A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Severity ?
4.6 (Medium)
CWE
- cross site scripting attack
- CWE-79
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.2
(custom)
Affected: 4.2 , < 4.2.4 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.2",
"status": "affected",
"version": "4.3",
"versionType": "custom"
},
{
"lessThan": "4.2.4",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross site scripting attack",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
],
"source": {
"advisory": "7019893",
"defect": [
"1031853"
],
"discovery": "INTERNAL"
},
"title": "NetIQ Access Manager OAuth Consent screen XSS attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-06-09T00:00:00.000Z",
"ID": "CVE-2017-7419",
"STATE": "PUBLIC",
"TITLE": "NetIQ Access Manager OAuth Consent screen XSS attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.2"
},
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.2",
"version_value": "4.2.4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross site scripting attack"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1031853",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7019893",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7019893"
}
]
},
"source": {
"advisory": "7019893",
"defect": [
"1031853"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7419",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-09-16T17:29:02.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14801 (GCVE-0-2017-14801)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:03
VLAI?
Summary
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
Severity ?
4.6 (Medium)
CWE
- Reflected cross site scripting
- CWE-79
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross site scripting",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:26",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
],
"source": {
"advisory": "7022357",
"discovery": "UNKNOWN"
},
"title": "Reflected xss in Admin Console REST interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14801",
"STATE": "PUBLIC",
"TITLE": "Reflected xss in Admin Console REST interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross site scripting"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022357",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022357"
}
]
},
"source": {
"advisory": "7022357",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14801",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-17T03:03:50.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14800 (GCVE-0-2017-14800)
Vulnerability from nvd – Published: 2018-03-01 19:00 – Updated: 2024-09-16 20:31
VLAI?
Summary
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
Severity ?
5.4 (Medium)
CWE
- reflected cross site scripting attack
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:40.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected cross site scripting attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:51",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
],
"source": {
"advisory": "7022356",
"discovery": "UNKNOWN"
},
"title": "Reflected xss on Access Manager iManager UI",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14800",
"STATE": "PUBLIC",
"TITLE": "Reflected xss on Access Manager iManager UI"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site scripting attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022356",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022356"
}
]
},
"source": {
"advisory": "7022356",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14800",
"datePublished": "2018-03-01T19:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-16T20:31:45.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14799 (GCVE-0-2017-14799)
Vulnerability from nvd – Published: 2018-03-01 19:00 – Updated: 2024-09-16 17:23
VLAI?
Summary
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
Severity ?
4.6 (Medium)
CWE
- cross site scripting attack in the login parameter handling due to incorrect quoting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Access Manager |
Affected:
4.3 , < 4.3.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:40.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.3.3",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross site scripting attack in the login parameter handling due to incorrect quoting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
],
"source": {
"advisory": "7022358",
"discovery": "EXTERNAL"
},
"title": "XSS Vulnerability with ESP URL",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
"ID": "CVE-2017-14799",
"STATE": "PUBLIC",
"TITLE": "XSS Vulnerability with ESP URL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.3"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross site scripting attack in the login parameter handling due to incorrect quoting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022358",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022358"
}
]
},
"source": {
"advisory": "7022358",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14799",
"datePublished": "2018-03-01T19:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-16T17:23:57.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1342 (GCVE-0-2018-1342)
Vulnerability from nvd – Published: 2018-01-26 02:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Severity ?
No CVSS data available.
CWE
- Arbitrary file upload to the Admin Console server
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager, Administrative Console |
Affected:
4.3
Affected: 4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager, Administrative Console",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary file upload to the Admin Console server",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-12-08T00:00:00",
"ID": "CVE-2018-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager, Administrative Console",
"version": {
"version_data": [
{
"version_value": "4.3"
},
{
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload to the Admin Console server"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022444",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022444"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1342",
"datePublished": "2018-01-26T02:00:00Z",
"dateReserved": "2017-12-10T00:00:00",
"dateUpdated": "2024-09-16T16:43:19.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}