Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
144 vulnerabilities by NetIQ
CVE-2022-26322 (GCVE-0-2022-26322)
Vulnerability from nvd – Published: 2024-09-12 12:40 – Updated: 2024-09-12 12:58
VLAI
EPSS
VEX
Title
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability
in Identity Manager has been discovered in
OpenText™
Identity Manager REST Driver. This impact version before 1.1.2.0200.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | Identity Manager REST Driver 1.1.2.0200 |
Affected:
1.0.0.0000 , ≤ 1.1.2.0200
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:58:26.895450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:37.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Identity Manager REST Driver 1.1.2.0200",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "1.1.2.0200",
"status": "affected",
"version": "1.0.0.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eIdentity Manager REST Driver. This impact version before 1.1.2.0200\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText\u2122 \nIdentity Manager REST Driver. This impact version before 1.1.2.0200."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
},
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:40:22.648Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2022-26322",
"datePublished": "2024-09-12T12:40:22.648Z",
"dateReserved": "2022-02-28T21:48:42.460Z",
"dateUpdated": "2024-09-12T12:58:37.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11843 (GCVE-0-2020-11843)
Vulnerability from nvd – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
VLAI
EPSS
VEX
Title
Potential information leakage in administrator enabled debug mode
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
4.5 , < <
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:48:24.994478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:48:33.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
}
],
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T07:23:38.502Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential information leakage in administrator enabled debug mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11843",
"datePublished": "2024-06-11T07:23:38.502Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1470 (GCVE-0-2024-1470)
Vulnerability from nvd – Published: 2024-02-20 16:10 – Updated: 2024-08-01 18:40
VLAI
EPSS
VEX
Title
Elevation of Privilege attack on NetIQ Client login extension
Summary
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue
only
affects NetIQ Client Login Extension: 4.6.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | NetIQ Client Login Extension |
Affected:
4.6
|
|
| opentext | netiq_client_login_extension |
Affected:
4.6
cpe:2.3:a:opentext:netiq_client_login_extension:4.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:netiq_client_login_extension:4.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netiq_client_login_extension",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "4.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T21:00:07.096836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:50:12.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000026667?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "NetIQ Client Login Extension",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.\u003cp\u003eThis issue \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eonly \u003c/span\u003e\n\naffects NetIQ Client Login Extension: 4.6.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue \n\nonly \n\naffects NetIQ Client Login Extension: 4.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T16:10:04.300Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000026667?language=en_US"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of Privilege attack on NetIQ Client login extension",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-1470",
"datePublished": "2024-02-20T16:10:04.300Z",
"dateReserved": "2024-02-13T16:18:28.050Z",
"dateUpdated": "2024-08-01T18:40:21.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24468 (GCVE-0-2023-24468)
Vulnerability from nvd – Published: 2023-03-15 00:00 – Updated: 2025-02-27 14:45
VLAI
EPSS
VEX
Summary
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | NetIQ Advanced Authentication |
Affected:
versions prior to 6.4.1.1 and 6.3.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T14:44:14.484104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T14:45:24.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Advanced Authentication",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.4.1.1 and 6.3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
},
{
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2023-24468",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2023-01-23T00:00:00.000Z",
"dateUpdated": "2025-02-27T14:45:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38758 (GCVE-0-2022-38758)
Vulnerability from nvd – Published: 2023-01-25 00:00 – Updated: 2025-03-27 20:15
VLAI
EPSS
VEX
Title
XSS vulnerabilities in iManager
Summary
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | NetIQ iManager |
Affected:
NetIQ iManager , < 3.2.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:15:16.517246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:15:28.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ iManager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.2.6",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user\u0027s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS vulnerabilities in iManager",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.2.6 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38758",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-03-27T20:15:28.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26329 (GCVE-0-2022-26329)
Vulnerability from nvd – Published: 2023-01-24 00:00 – Updated: 2025-04-01 17:56
VLAI
EPSS
VEX
Title
File existence disclosue vulnerability in IDM plugin
Summary
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | NetIQ Identity Manager |
Affected:
NetIQ Identity Manager , < 4.8.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T17:55:26.561768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T17:56:30.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ Identity Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "4.8.5",
"status": "affected",
"version": "NetIQ Identity Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "File existence disclosue vulnerability in IDM plugin",
"workarounds": [
{
"lang": "en",
"value": "Update to the NetIQ Identity Manager 4.8.5 or above."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26329",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2025-04-01T17:56:30.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11648 (GCVE-0-2019-11648)
Vulnerability from nvd – Published: 2019-06-24 15:40 – Updated: 2024-08-04 23:03
VLAI
EPSS
VEX
Summary
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.
Severity
No CVSS data available.
CWE
- Information leakage
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Micro Focus NetIQ Self Service Password Reset. |
Affected:
All versions prior to version 4.4
|
Date Public
2019-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus NetIQ Self Service Password Reset.",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4"
}
]
}
],
"datePublic": "2019-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:05.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus NetIQ Self Service Password Reset.",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11648",
"datePublished": "2019-06-24T15:40:28.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1600 (GCVE-0-2016-1600)
Vulnerability from nvd – Published: 2019-05-09 20:33 – Updated: 2024-08-05 23:02
VLAI
EPSS
VEX
Summary
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Versions prior to version 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Versions prior to version 4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:46.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-1600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "Versions prior to version 4.6"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-1600",
"datePublished": "2019-05-09T20:33:45.000Z",
"dateReserved": "2016-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12462 (GCVE-0-2018-12462)
Vulnerability from nvd – Published: 2018-07-10 19:00 – Updated: 2024-09-16 18:56
VLAI
EPSS
VEX
Title
NetIQ iManager XSS vulnerabilities
Summary
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Severity
4.8 (Medium)
CWE
- NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.microfocus.com/kb/doc.php?id=7016795 | x_refsource_CONFIRM |
Impacted products
Date Public
2018-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1.1",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:36.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetIQ iManager XSS vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-02T05:00:00.000Z",
"ID": "CVE-2018-12462",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager XSS vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "NetIQ iManager",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12462",
"datePublished": "2018-07-10T19:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:56:13.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12461 (GCVE-0-2018-12461)
Vulnerability from nvd – Published: 2018-07-10 18:00 – Updated: 2024-09-16 17:18
VLAI
EPSS
VEX
Title
Certificate Revocation Check failure
Summary
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Severity
CWE
- Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
eDirectory 9.1.1 , < 9.1.1
(custom)
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.1.1",
"status": "affected",
"version": "eDirectory 9.1.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Certificate Revocation Check failure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-10T05:00:00.000Z",
"ID": "CVE-2018-12461",
"STATE": "PUBLIC",
"TITLE": "Certificate Revocation Check failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "eDirectory 9.1.1",
"version_value": "9.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12461",
"datePublished": "2018-07-10T18:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:18:10.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9284 (GCVE-0-2017-9284)
Vulnerability from nvd – Published: 2018-04-26 15:00 – Updated: 2024-08-05 17:02
VLAI
EPSS
VEX
Title
IDM 4.6 Identity Applications information leakage
Summary
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.
Severity
4.8 (Medium)
CWE
- Information Leakage
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.microfocus.com/Download?buildid=… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | IDM - Identity Applications |
Affected:
Prior to 4.6 Service Pack 2 Hotfix 1 , < 4.6 Service Pack 2 Hotfix 1
(custom)
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IDM - Identity Applications",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.6 Service Pack 2 Hotfix 1",
"status": "affected",
"version": "Prior to 4.6 Service Pack 2 Hotfix 1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IDM 4.6 Identity Applications information leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-9284",
"STATE": "PUBLIC",
"TITLE": "IDM 4.6 Identity Applications information leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IDM - Identity Applications",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "Prior to 4.6 Service Pack 2 Hotfix 1",
"version_value": "4.6 Service Pack 2 Hotfix 1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~",
"refsource": "CONFIRM",
"url": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9284",
"datePublished": "2018-04-26T15:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9275 (GCVE-0-2017-9275)
Vulnerability from nvd – Published: 2018-04-26 15:00 – Updated: 2024-08-05 17:02
VLAI
EPSS
VEX
Title
NetIQ Identity Reporting XSS exposure
Summary
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.
Severity
CWE
- XSS Issue
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.microfocus.com/Download?buildid=… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Reporting |
Affected:
Prior to 5.5 Service Pack 1 , < 5.5 Service Pack 1
(custom)
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Reporting",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "5.5 Service Pack 1",
"status": "affected",
"version": "Prior to 5.5 Service Pack 1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS Issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:31.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetIQ Identity Reporting XSS exposure",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-9275",
"STATE": "PUBLIC",
"TITLE": "NetIQ Identity Reporting XSS exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Reporting",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "Prior to 5.5 Service Pack 1",
"version_value": "5.5 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS Issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true",
"refsource": "CONFIRM",
"url": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9275",
"datePublished": "2018-04-26T15:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7676 (GCVE-0-2018-7676)
Vulnerability from nvd – Published: 2018-03-28 14:00 – Updated: 2024-08-05 06:31
VLAI
EPSS
VEX
Title
IDM Information Leakage
Summary
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Severity
CWE
- The NetIQ Identity Manager , in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Prior to 4.7 , < 4.7
(custom)
|
Date Public
2018-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "Prior to 4.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The NetIQ Identity Manager , in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IDM Information Leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7676",
"STATE": "PUBLIC",
"TITLE": "IDM Information Leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Prior to 4.7",
"version_value": "4.7"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager , in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7676",
"datePublished": "2018-03-28T14:00:00.000Z",
"dateReserved": "2018-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:05.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7674 (GCVE-0-2018-7674)
Vulnerability from nvd – Published: 2018-03-28 14:00 – Updated: 2024-08-05 06:31
VLAI
EPSS
VEX
Title
IDM URL Redirection attack
Summary
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Severity
CWE
- The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Prior to 4.7 , < 4.7
(custom)
|
Date Public
2018-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "Prior to 4.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:23.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IDM URL Redirection attack",
"workarounds": [
{
"lang": "en",
"value": "Do not surf the web while running the Identity Manager console."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7674",
"STATE": "PUBLIC",
"TITLE": "IDM URL Redirection attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Prior to 4.7",
"version_value": "4.7"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not surf the web while running the Identity Manager console."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7674",
"datePublished": "2018-03-28T14:00:00.000Z",
"dateReserved": "2018-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:05.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7673 (GCVE-0-2018-7673)
Vulnerability from nvd – Published: 2018-03-26 19:00 – Updated: 2024-08-05 06:31
VLAI
EPSS
VEX
Title
NetIQ Identity Manager DoS Attack
Summary
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
Severity
5.1 (Medium)
CWE
- The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attacks.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103533 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Prior to 4.7 , < 4.7
(custom)
|
Date Public
2018-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
},
{
"name": "103533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "Prior to 4.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attacks.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:30.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
},
{
"name": "103533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103533"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ Identity Manager DoS Attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7673",
"STATE": "PUBLIC",
"TITLE": "NetIQ Identity Manager DoS Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Prior to 4.7",
"version_value": "4.7"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attacks."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
},
{
"name": "103533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103533"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7673",
"datePublished": "2018-03-26T19:00:00.000Z",
"dateReserved": "2018-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:05.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26322 (GCVE-0-2022-26322)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:40 – Updated: 2024-09-12 12:58
VLAI
EPSS
VEX
Title
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability
in Identity Manager has been discovered in
OpenText™
Identity Manager REST Driver. This impact version before 1.1.2.0200.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | Identity Manager REST Driver 1.1.2.0200 |
Affected:
1.0.0.0000 , ≤ 1.1.2.0200
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:58:26.895450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:37.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Identity Manager REST Driver 1.1.2.0200",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "1.1.2.0200",
"status": "affected",
"version": "1.0.0.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eIdentity Manager REST Driver. This impact version before 1.1.2.0200\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText\u2122 \nIdentity Manager REST Driver. This impact version before 1.1.2.0200."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
},
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:40:22.648Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2022-26322",
"datePublished": "2024-09-12T12:40:22.648Z",
"dateReserved": "2022-02-28T21:48:42.460Z",
"dateUpdated": "2024-09-12T12:58:37.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11843 (GCVE-0-2020-11843)
Vulnerability from cvelistv5 – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
VLAI
EPSS
VEX
Title
Potential information leakage in administrator enabled debug mode
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
4.5 , < <
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:48:24.994478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:48:33.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
}
],
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T07:23:38.502Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential information leakage in administrator enabled debug mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11843",
"datePublished": "2024-06-11T07:23:38.502Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1470 (GCVE-0-2024-1470)
Vulnerability from cvelistv5 – Published: 2024-02-20 16:10 – Updated: 2024-08-01 18:40
VLAI
EPSS
VEX
Title
Elevation of Privilege attack on NetIQ Client login extension
Summary
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue
only
affects NetIQ Client Login Extension: 4.6.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | NetIQ Client Login Extension |
Affected:
4.6
|
|
| opentext | netiq_client_login_extension |
Affected:
4.6
cpe:2.3:a:opentext:netiq_client_login_extension:4.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:netiq_client_login_extension:4.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netiq_client_login_extension",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "4.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T21:00:07.096836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:50:12.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000026667?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "NetIQ Client Login Extension",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.\u003cp\u003eThis issue \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eonly \u003c/span\u003e\n\naffects NetIQ Client Login Extension: 4.6.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue \n\nonly \n\naffects NetIQ Client Login Extension: 4.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T16:10:04.300Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000026667?language=en_US"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of Privilege attack on NetIQ Client login extension",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-1470",
"datePublished": "2024-02-20T16:10:04.300Z",
"dateReserved": "2024-02-13T16:18:28.050Z",
"dateUpdated": "2024-08-01T18:40:21.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24468 (GCVE-0-2023-24468)
Vulnerability from cvelistv5 – Published: 2023-03-15 00:00 – Updated: 2025-02-27 14:45
VLAI
EPSS
VEX
Summary
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | NetIQ Advanced Authentication |
Affected:
versions prior to 6.4.1.1 and 6.3.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T14:44:14.484104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T14:45:24.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Advanced Authentication",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.4.1.1 and 6.3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
},
{
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2023-24468",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2023-01-23T00:00:00.000Z",
"dateUpdated": "2025-02-27T14:45:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38758 (GCVE-0-2022-38758)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-03-27 20:15
VLAI
EPSS
VEX
Title
XSS vulnerabilities in iManager
Summary
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | NetIQ iManager |
Affected:
NetIQ iManager , < 3.2.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:15:16.517246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:15:28.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ iManager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.2.6",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user\u0027s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS vulnerabilities in iManager",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.2.6 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38758",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-03-27T20:15:28.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26329 (GCVE-0-2022-26329)
Vulnerability from cvelistv5 – Published: 2023-01-24 00:00 – Updated: 2025-04-01 17:56
VLAI
EPSS
VEX
Title
File existence disclosue vulnerability in IDM plugin
Summary
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | NetIQ Identity Manager |
Affected:
NetIQ Identity Manager , < 4.8.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T17:55:26.561768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T17:56:30.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ Identity Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "4.8.5",
"status": "affected",
"version": "NetIQ Identity Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "File existence disclosue vulnerability in IDM plugin",
"workarounds": [
{
"lang": "en",
"value": "Update to the NetIQ Identity Manager 4.8.5 or above."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26329",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2025-04-01T17:56:30.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11648 (GCVE-0-2019-11648)
Vulnerability from cvelistv5 – Published: 2019-06-24 15:40 – Updated: 2024-08-04 23:03
VLAI
EPSS
VEX
Summary
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.
Severity
No CVSS data available.
CWE
- Information leakage
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/self-service-… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Micro Focus NetIQ Self Service Password Reset. |
Affected:
All versions prior to version 4.4
|
Date Public
2019-06-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus NetIQ Self Service Password Reset.",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.4"
}
]
}
],
"datePublic": "2019-06-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:05.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus NetIQ Self Service Password Reset.",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p2/data/release-notes-sspr-44-p2.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11648",
"datePublished": "2019-06-24T15:40:28.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1600 (GCVE-0-2016-1600)
Vulnerability from cvelistv5 – Published: 2019-05-09 20:33 – Updated: 2024-08-05 23:02
VLAI
EPSS
VEX
Summary
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Versions prior to version 4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Versions prior to version 4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:46.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-1600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "Versions prior to version 4.6"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-1600",
"datePublished": "2019-05-09T20:33:45.000Z",
"dateReserved": "2016-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:02:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12462 (GCVE-0-2018-12462)
Vulnerability from cvelistv5 – Published: 2018-07-10 19:00 – Updated: 2024-09-16 18:56
VLAI
EPSS
VEX
Title
NetIQ iManager XSS vulnerabilities
Summary
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Severity
4.8 (Medium)
CWE
- NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://support.microfocus.com/kb/doc.php?id=7016795 | x_refsource_CONFIRM |
Impacted products
Date Public
2018-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iManager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "3.1.1",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:36.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetIQ iManager XSS vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-02T05:00:00.000Z",
"ID": "CVE-2018-12462",
"STATE": "PUBLIC",
"TITLE": "NetIQ iManager XSS vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iManager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "NetIQ iManager",
"version_value": "3.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7016795"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.1.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12462",
"datePublished": "2018-07-10T19:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:56:13.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12461 (GCVE-0-2018-12461)
Vulnerability from cvelistv5 – Published: 2018-07-10 18:00 – Updated: 2024-09-16 17:18
VLAI
EPSS
VEX
Title
Certificate Revocation Check failure
Summary
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Severity
CWE
- Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
eDirectory 9.1.1 , < 9.1.1
(custom)
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.1.1",
"status": "affected",
"version": "eDirectory 9.1.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Certificate Revocation Check failure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-10T05:00:00.000Z",
"ID": "CVE-2018-12461",
"STATE": "PUBLIC",
"TITLE": "Certificate Revocation Check failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "eDirectory 9.1.1",
"version_value": "9.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12461",
"datePublished": "2018-07-10T18:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:18:10.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9284 (GCVE-0-2017-9284)
Vulnerability from cvelistv5 – Published: 2018-04-26 15:00 – Updated: 2024-08-05 17:02
VLAI
EPSS
VEX
Title
IDM 4.6 Identity Applications information leakage
Summary
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.
Severity
4.8 (Medium)
CWE
- Information Leakage
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.microfocus.com/Download?buildid=… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | IDM - Identity Applications |
Affected:
Prior to 4.6 Service Pack 2 Hotfix 1 , < 4.6 Service Pack 2 Hotfix 1
(custom)
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IDM - Identity Applications",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.6 Service Pack 2 Hotfix 1",
"status": "affected",
"version": "Prior to 4.6 Service Pack 2 Hotfix 1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IDM 4.6 Identity Applications information leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-9284",
"STATE": "PUBLIC",
"TITLE": "IDM 4.6 Identity Applications information leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IDM - Identity Applications",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "Prior to 4.6 Service Pack 2 Hotfix 1",
"version_value": "4.6 Service Pack 2 Hotfix 1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~",
"refsource": "CONFIRM",
"url": "https://download.microfocus.com/Download?buildid=Xg1dZMVbBzs~"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9284",
"datePublished": "2018-04-26T15:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9275 (GCVE-0-2017-9275)
Vulnerability from cvelistv5 – Published: 2018-04-26 15:00 – Updated: 2024-08-05 17:02
VLAI
EPSS
VEX
Title
NetIQ Identity Reporting XSS exposure
Summary
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.
Severity
CWE
- XSS Issue
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://download.microfocus.com/Download?buildid=… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Reporting |
Affected:
Prior to 5.5 Service Pack 1 , < 5.5 Service Pack 1
(custom)
|
Date Public
2018-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Reporting",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "5.5 Service Pack 1",
"status": "affected",
"version": "Prior to 5.5 Service Pack 1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS Issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:31.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NetIQ Identity Reporting XSS exposure",
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-9275",
"STATE": "PUBLIC",
"TITLE": "NetIQ Identity Reporting XSS exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Reporting",
"version": {
"version_data": [
{
"affected": "\u003c",
"platform": "",
"version_affected": "\u003c",
"version_name": "Prior to 5.5 Service Pack 1",
"version_value": "5.5 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack."
}
]
},
"exploit": [],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS Issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true",
"refsource": "CONFIRM",
"url": "https://download.microfocus.com/Download?buildid=iGYyq6xwjhE~\u0026donotredirect=true"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [],
"discovery": "UNKNOWN"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9275",
"datePublished": "2018-04-26T15:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:02:44.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7676 (GCVE-0-2018-7676)
Vulnerability from cvelistv5 – Published: 2018-03-28 14:00 – Updated: 2024-08-05 06:31
VLAI
EPSS
VEX
Title
IDM Information Leakage
Summary
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Severity
CWE
- The NetIQ Identity Manager , in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Prior to 4.7 , < 4.7
(custom)
|
Date Public
2018-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "Prior to 4.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The NetIQ Identity Manager , in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IDM Information Leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7676",
"STATE": "PUBLIC",
"TITLE": "IDM Information Leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Prior to 4.7",
"version_value": "4.7"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager , in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7676",
"datePublished": "2018-03-28T14:00:00.000Z",
"dateReserved": "2018-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:05.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7674 (GCVE-0-2018-7674)
Vulnerability from cvelistv5 – Published: 2018-03-28 14:00 – Updated: 2024-08-05 06:31
VLAI
EPSS
VEX
Title
IDM URL Redirection attack
Summary
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Severity
CWE
- The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Prior to 4.7 , < 4.7
(custom)
|
Date Public
2018-03-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "Prior to 4.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:23.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IDM URL Redirection attack",
"workarounds": [
{
"lang": "en",
"value": "Do not surf the web while running the Identity Manager console."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7674",
"STATE": "PUBLIC",
"TITLE": "IDM URL Redirection attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Prior to 4.7",
"version_value": "4.7"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7."
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not surf the web while running the Identity Manager console."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7674",
"datePublished": "2018-03-28T14:00:00.000Z",
"dateReserved": "2018-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:05.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7673 (GCVE-0-2018-7673)
Vulnerability from cvelistv5 – Published: 2018-03-26 19:00 – Updated: 2024-08-05 06:31
VLAI
EPSS
VEX
Title
NetIQ Identity Manager DoS Attack
Summary
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
Severity
5.1 (Medium)
CWE
- The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attacks.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/identity-mana… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103533 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | Identity Manager |
Affected:
Prior to 4.7 , < 4.7
(custom)
|
Date Public
2018-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
},
{
"name": "103533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "4.7",
"status": "affected",
"version": "Prior to 4.7",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attacks.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:30.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
},
{
"name": "103533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103533"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ Identity Manager DoS Attack",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-7673",
"STATE": "PUBLIC",
"TITLE": "NetIQ Identity Manager DoS Attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Prior to 4.7",
"version_value": "4.7"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attacks."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm47/data/releasenotes_idm47.html"
},
{
"name": "103533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103533"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to NetIQ Identity Manager 4.7"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7673",
"datePublished": "2018-03-26T19:00:00.000Z",
"dateReserved": "2018-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:31:05.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}