Search criteria

18 vulnerabilities found for access_manager by novell

FKIE_CVE-2010-0284

Vulnerability from fkie_nvd - Published: 2010-06-18 16:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
References
cve@mitre.orghttp://secunia.com/advisories/40198Vendor Advisory
cve@mitre.orghttp://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1
cve@mitre.orghttp://www.securityfocus.com/bid/40931
cve@mitre.orghttp://www.securitytracker.com/id?1024132
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/1516Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/59528
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40198Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/40931
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024132
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1516Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/59528
Impacted products
Vendor Product Version
novell access_manager 3.1
novell access_manager 3.1
microsoft windows *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2617E396-621F-40AD-86B7-8E2158E4A54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "DAE304CE-1BEB-413C-A16C-320C606D7BA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el m\u00e9todo getEntry en el componente PortalModuleInstallManager en un servlet en nps.jar en la Consola de administraci\u00f3n (Administration Console, tambi\u00e9n conocida como Access Management Console) en Novell Access Manager v3.1 anteriores a v3.1.2-281 en Windows, permite a atacantes remotos crear ficheros de su elecci\u00f3n con cualquier contenido, y consecuentemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un .. (punto punto) en un par\u00e1metro, tambi\u00e9n conocido como ZDI-CAN-678."
    }
  ],
  "id": "CVE-2010-0284",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-18T16:30:01.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40198"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/40931"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024132"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1516"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/40931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4878

Vulnerability from fkie_nvd - Published: 2010-05-26 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
References
cve@mitre.orghttp://secunia.com/advisories/35898Vendor Advisory
cve@mitre.orghttp://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
cve@mitre.orghttp://www.securityfocus.com/bid/35734
cve@mitre.orghttp://www.securitytracker.com/id?1022581
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/1945Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/51822
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35898Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35734
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022581
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1945Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/51822
Impacted products
Vendor Product Version
novell access_manager *
novell access_manager 3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:access_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B566F5D7-5F30-4F83-9C0F-8736D5B14FE3",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C763FA8-765F-48D9-BEFF-C971A6287A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la Consola de Administraci\u00f3n en Novell Access Manager anterior v3.1 SP1 permite a atacantes acceder al sistema de ficheros a trav\u00e9s de vectores de ataque desconocidos. \r\n"
    }
  ],
  "id": "CVE-2009-4878",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-26T18:30:01.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35898"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35734"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022581"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1945"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4879

Vulnerability from fkie_nvd - Published: 2010-05-26 18:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
References
cve@mitre.orghttp://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
cve@mitre.orghttp://www.securitytracker.com/id?1022581
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022581
Impacted products
Vendor Product Version
novell access_manager *
novell access_manager 3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:access_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B566F5D7-5F30-4F83-9C0F-8736D5B14FE3",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C763FA8-765F-48D9-BEFF-C971A6287A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions."
    },
    {
      "lang": "es",
      "value": "El servidor de identidades en Novell Access Manager anterior v3.1 SP1 permite a atacantes con cuenta Active Directory desactivada, autenticarse usando autenticaci\u00f3n X.509, que elude las restricciones establecidas"
    }
  ],
  "id": "CVE-2009-4879",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-26T18:30:01.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022581"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-6722

Vulnerability from fkie_nvd - Published: 2009-04-14 16:26 - Updated: 2025-04-09 00:30
Severity ?
Summary
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
References
cve@mitre.orghttp://osvdb.org/49737
cve@mitre.orghttp://secunia.com/advisories/32554Vendor Advisory
cve@mitre.orghttp://www.novell.com/support/viewContent.do?externalId=7001788
cve@mitre.orghttp://www.securityfocus.com/bid/32121
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3012Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/49737
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32554Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7001788
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32121
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3012Vendor Advisory
Impacted products
Vendor Product Version
novell access_manager 3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "342C4B38-A879-4C02-BEEF-E151A45CAD4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim\u0027s web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache."
    },
    {
      "lang": "es",
      "value": "Novell Access Manager v3 SP4 no expira adecuadamente sesiones certificadas X.509, lo cual permite a atacantes f\u00edsicamente pr\u00f3ximos obtener una sesi\u00f3n validada utilizando un proceso del navegador web de la v\u00edctima que contin\u00faa enviando el sessionID SSL original y v\u00e1lido, relacionado con la incapacidad de Apache Tomcat de limpiar entradas de la cach\u00e9 de SSL."
    }
  ],
  "id": "CVE-2008-6722",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-14T16:26:56.077",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/49737"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32554"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32121"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/49737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3012"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-3570

Vulnerability from fkie_nvd - Published: 2007-07-05 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
References
cve@mitre.orghttp://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2390
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3075
cve@mitre.orghttps://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2390
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3075
af854a3a-2127-422b-91ae-364da2661108https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html
Impacted products
Vendor Product Version
novell access_manager 3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C763FA8-765F-48D9-BEFF-C971A6287A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request."
    },
    {
      "lang": "es",
      "value": "Linux Access Gateway en Novell Access Manager anterior a 3.0 SP1 Release Candidate 1 (RC1) permite a atacantes remotos evitar controles no especificados de seguridad mediante informaci\u00f3n Fullwidth/Halfwidth codificada en Unicode en una petici\u00f3n POST de HTTP."
    }
  ],
  "id": "CVE-2007-3570",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-07-05T19:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2390"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3075"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-1309

Vulnerability from fkie_nvd - Published: 2007-03-07 00:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
References
cve@mitre.orghttp://osvdb.org/33841
cve@mitre.orghttp://secunia.com/advisories/24369Patch, Vendor Advisory
cve@mitre.orghttp://www.securitytracker.com/id?1017722Patch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0800
cve@mitre.orghttps://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/33841
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24369Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017722Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0800
af854a3a-2127-422b-91ae-364da2661108https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.htmlPatch
Impacted products
Vendor Product Version
novell access_manager 3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:novell:access_manager:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C763FA8-765F-48D9-BEFF-C971A6287A3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt."
    },
    {
      "lang": "es",
      "value": "Novell Access Management 3 SSLVPN Server permite a usuarios remotos autenticados evitar las restricciones VPN poniendo policy.txt como s\u00f3lo lectura, desconectando, y modificando manualmente el policy.txt."
    }
  ],
  "id": "CVE-2007-1309",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-07T00:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33841"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securitytracker.com/id?1017722"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0800"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securitytracker.com/id?1017722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-0284 (GCVE-0-2010-0284)

Vulnerability from cvelistv5 – Published: 2010-06-18 16:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "accessmgr-admincosole-getentry-file-upload(59528)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
          },
          {
            "name": "1024132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024132"
          },
          {
            "name": "40198",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40198"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
          },
          {
            "name": "ADV-2010-1516",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1516"
          },
          {
            "name": "40931",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40931"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "accessmgr-admincosole-getentry-file-upload(59528)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
        },
        {
          "name": "1024132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024132"
        },
        {
          "name": "40198",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40198"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
        },
        {
          "name": "ADV-2010-1516",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1516"
        },
        {
          "name": "40931",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40931"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "accessmgr-admincosole-getentry-file-upload(59528)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
            },
            {
              "name": "1024132",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024132"
            },
            {
              "name": "40198",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40198"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
            },
            {
              "name": "ADV-2010-1516",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1516"
            },
            {
              "name": "40931",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40931"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0284",
    "datePublished": "2010-06-18T16:00:00",
    "dateReserved": "2010-01-12T00:00:00",
    "dateUpdated": "2024-08-07T00:45:11.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4879 (GCVE-0-2009-4879)

Vulnerability from cvelistv5 – Published: 2010-05-26 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:26.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022581",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-26T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1022581",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4879",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022581",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022581"
            },
            {
              "name": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4879",
    "datePublished": "2010-05-26T18:00:00Z",
    "dateReserved": "2010-05-26T00:00:00Z",
    "dateUpdated": "2024-09-16T16:18:39.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4878 (GCVE-0-2009-4878)

Vulnerability from cvelistv5 – Published: 2010-05-26 18:00 – Updated: 2024-08-07 07:17
VLAI?
Summary
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:25.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "accessmgr-admin-console-info-disclosure(51822)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
          },
          {
            "name": "ADV-2009-1945",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1945"
          },
          {
            "name": "1022581",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022581"
          },
          {
            "name": "35734",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35734"
          },
          {
            "name": "35898",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "accessmgr-admin-console-info-disclosure(51822)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
        },
        {
          "name": "ADV-2009-1945",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1945"
        },
        {
          "name": "1022581",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022581"
        },
        {
          "name": "35734",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35734"
        },
        {
          "name": "35898",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "accessmgr-admin-console-info-disclosure(51822)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
            },
            {
              "name": "ADV-2009-1945",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1945"
            },
            {
              "name": "1022581",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022581"
            },
            {
              "name": "35734",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35734"
            },
            {
              "name": "35898",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35898"
            },
            {
              "name": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4878",
    "datePublished": "2010-05-26T18:00:00",
    "dateReserved": "2010-05-26T00:00:00",
    "dateUpdated": "2024-08-07T07:17:25.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6722 (GCVE-0-2008-6722)

Vulnerability from cvelistv5 – Published: 2009-04-14 16:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/49737 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/32554 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/32121 vdb-entryx_refsource_BID
http://www.novell.com/support/viewContent.do?exte… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/3012 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:42:00.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "49737",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49737"
          },
          {
            "name": "32554",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32554"
          },
          {
            "name": "32121",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32121"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
          },
          {
            "name": "ADV-2008-3012",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim\u0027s web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-29T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "49737",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49737"
        },
        {
          "name": "32554",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32554"
        },
        {
          "name": "32121",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32121"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
        },
        {
          "name": "ADV-2008-3012",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3012"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6722",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim\u0027s web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49737",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49737"
            },
            {
              "name": "32554",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32554"
            },
            {
              "name": "32121",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32121"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7001788",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
            },
            {
              "name": "ADV-2008-3012",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3012"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6722",
    "datePublished": "2009-04-14T16:00:00",
    "dateReserved": "2009-04-14T00:00:00",
    "dateUpdated": "2024-08-07T11:42:00.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3570 (GCVE-0-2007-3570)

Vulnerability from cvelistv5 – Published: 2007-07-05 19:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2390",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2390"
          },
          {
            "name": "ADV-2007-3075",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-09-13T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2390",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2390"
        },
        {
          "name": "ADV-2007-3075",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2390",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2390"
            },
            {
              "name": "ADV-2007-3075",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3075"
            },
            {
              "name": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3570",
    "datePublished": "2007-07-05T19:00:00",
    "dateReserved": "2007-07-05T00:00:00",
    "dateUpdated": "2024-08-07T14:21:36.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1309 (GCVE-0-2007-1309)

Vulnerability from cvelistv5 – Published: 2007-03-07 00:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/33841 vdb-entryx_refsource_OSVDB
https://secure-support.novell.com/KanisaPlatform/… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0800 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/24369 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1017722 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33841",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
          },
          {
            "name": "ADV-2007-0800",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0800"
          },
          {
            "name": "24369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24369"
          },
          {
            "name": "1017722",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017722"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-13T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "33841",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
        },
        {
          "name": "ADV-2007-0800",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0800"
        },
        {
          "name": "24369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24369"
        },
        {
          "name": "1017722",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017722"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33841",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33841"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
            },
            {
              "name": "ADV-2007-0800",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0800"
            },
            {
              "name": "24369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24369"
            },
            {
              "name": "1017722",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017722"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1309",
    "datePublished": "2007-03-07T00:00:00",
    "dateReserved": "2007-03-06T00:00:00",
    "dateUpdated": "2024-08-07T12:50:34.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0284 (GCVE-0-2010-0284)

Vulnerability from nvd – Published: 2010-06-18 16:00 – Updated: 2024-08-07 00:45
VLAI?
Summary
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "accessmgr-admincosole-getentry-file-upload(59528)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
          },
          {
            "name": "1024132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024132"
          },
          {
            "name": "40198",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40198"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
          },
          {
            "name": "ADV-2010-1516",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1516"
          },
          {
            "name": "40931",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40931"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "accessmgr-admincosole-getentry-file-upload(59528)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
        },
        {
          "name": "1024132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024132"
        },
        {
          "name": "40198",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40198"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
        },
        {
          "name": "ADV-2010-1516",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1516"
        },
        {
          "name": "40931",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40931"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0284",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "accessmgr-admincosole-getentry-file-upload(59528)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59528"
            },
            {
              "name": "1024132",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024132"
            },
            {
              "name": "40198",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40198"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7006255\u0026sliceId=1"
            },
            {
              "name": "ADV-2010-1516",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1516"
            },
            {
              "name": "40931",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40931"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0284",
    "datePublished": "2010-06-18T16:00:00",
    "dateReserved": "2010-01-12T00:00:00",
    "dateUpdated": "2024-08-07T00:45:11.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4879 (GCVE-0-2009-4879)

Vulnerability from nvd – Published: 2010-05-26 18:00 – Updated: 2024-09-16 16:18
VLAI?
Summary
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:26.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022581",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-26T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1022581",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4879",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022581",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022581"
            },
            {
              "name": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4879",
    "datePublished": "2010-05-26T18:00:00Z",
    "dateReserved": "2010-05-26T00:00:00Z",
    "dateUpdated": "2024-09-16T16:18:39.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4878 (GCVE-0-2009-4878)

Vulnerability from nvd – Published: 2010-05-26 18:00 – Updated: 2024-08-07 07:17
VLAI?
Summary
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:17:25.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "accessmgr-admin-console-info-disclosure(51822)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
          },
          {
            "name": "ADV-2009-1945",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1945"
          },
          {
            "name": "1022581",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022581"
          },
          {
            "name": "35734",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35734"
          },
          {
            "name": "35898",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "accessmgr-admin-console-info-disclosure(51822)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
        },
        {
          "name": "ADV-2009-1945",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1945"
        },
        {
          "name": "1022581",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022581"
        },
        {
          "name": "35734",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35734"
        },
        {
          "name": "35898",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "accessmgr-admin-console-info-disclosure(51822)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51822"
            },
            {
              "name": "ADV-2009-1945",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1945"
            },
            {
              "name": "1022581",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022581"
            },
            {
              "name": "35734",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35734"
            },
            {
              "name": "35898",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35898"
            },
            {
              "name": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4878",
    "datePublished": "2010-05-26T18:00:00",
    "dateReserved": "2010-05-26T00:00:00",
    "dateUpdated": "2024-08-07T07:17:25.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6722 (GCVE-0-2008-6722)

Vulnerability from nvd – Published: 2009-04-14 16:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/49737 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/32554 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/32121 vdb-entryx_refsource_BID
http://www.novell.com/support/viewContent.do?exte… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/3012 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:42:00.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "49737",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/49737"
          },
          {
            "name": "32554",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32554"
          },
          {
            "name": "32121",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32121"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
          },
          {
            "name": "ADV-2008-3012",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim\u0027s web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-29T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "49737",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/49737"
        },
        {
          "name": "32554",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32554"
        },
        {
          "name": "32121",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32121"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
        },
        {
          "name": "ADV-2008-3012",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3012"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6722",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim\u0027s web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49737",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/49737"
            },
            {
              "name": "32554",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32554"
            },
            {
              "name": "32121",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32121"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7001788",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7001788"
            },
            {
              "name": "ADV-2008-3012",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3012"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6722",
    "datePublished": "2009-04-14T16:00:00",
    "dateReserved": "2009-04-14T00:00:00",
    "dateUpdated": "2024-08-07T11:42:00.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-3570 (GCVE-0-2007-3570)

Vulnerability from nvd – Published: 2007-07-05 19:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:21:36.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2390",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2390"
          },
          {
            "name": "ADV-2007-3075",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3075"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-09-13T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2390",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2390"
        },
        {
          "name": "ADV-2007-3075",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3075"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2390",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2390"
            },
            {
              "name": "ADV-2007-3075",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3075"
            },
            {
              "name": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3570",
    "datePublished": "2007-07-05T19:00:00",
    "dateReserved": "2007-07-05T00:00:00",
    "dateUpdated": "2024-08-07T14:21:36.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1309 (GCVE-0-2007-1309)

Vulnerability from nvd – Published: 2007-03-07 00:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://osvdb.org/33841 vdb-entryx_refsource_OSVDB
https://secure-support.novell.com/KanisaPlatform/… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/0800 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/24369 third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1017722 vdb-entryx_refsource_SECTRACK
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "33841",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
          },
          {
            "name": "ADV-2007-0800",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0800"
          },
          {
            "name": "24369",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24369"
          },
          {
            "name": "1017722",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017722"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-13T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "33841",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
        },
        {
          "name": "ADV-2007-0800",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0800"
        },
        {
          "name": "24369",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24369"
        },
        {
          "name": "1017722",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017722"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33841",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33841"
            },
            {
              "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html",
              "refsource": "CONFIRM",
              "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html"
            },
            {
              "name": "ADV-2007-0800",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0800"
            },
            {
              "name": "24369",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24369"
            },
            {
              "name": "1017722",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017722"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1309",
    "datePublished": "2007-03-07T00:00:00",
    "dateReserved": "2007-03-06T00:00:00",
    "dateUpdated": "2024-08-07T12:50:34.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}