NetiqCVEs & Vulnerabilities

70 CVEs affecting Netiq products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

imanager 46access manager 42identity manager 20edirectory 7access governance suite 5privileged account manager 5sentinel 2identity reporting 2
CVE-2022-26322HIGH

Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200.

12 Sep 2024
7.5
CVSS
CVE-2020-11843MEDIUM

This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before

11 Jun 2024
6.5
CVSS
CVE-2024-1470HIGH

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6.

29 Feb 2024
7.8
CVSS
CVE-2022-38758MEDIUM

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

27 Jan 2023
6.1
CVSS
CVE-2022-26329MEDIUM

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

27 Jan 2023
5.3
CVSS
CVE-2019-11648HIGH

An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.

24 Jun 2019
7.5
CVSS
CVE-2018-12462MEDIUM

NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.

10 Jul 2018
4.8
CVSS
CVE-2018-12461LOW

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.

10 Jul 2018
3.5
CVSS
CVE-2017-9284MEDIUM

IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.

26 Apr 2018
4.8
CVSS
CVE-2017-9275LOW

NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.

26 Apr 2018
2.8
CVSS
CVE-2018-7676LOW

The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.

28 Mar 2018
3.9
CVSS
CVE-2018-7674LOW

The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.

28 Mar 2018
2.1
CVSS
CVE-2018-7673MEDIUM

The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.

26 Mar 2018
5.1
CVSS
CVE-2018-1350LOW

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.

26 Mar 2018
2.3
CVSS
CVE-2018-1349LOW

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.

26 Mar 2018
2.3
CVSS
CVE-2018-1348MEDIUM

NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.

26 Mar 2018
5.3
CVSS
CVE-2018-1347MEDIUM

The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.

21 Mar 2018
5.3
CVSS
CVE-2018-1346LOW

Addresses denial of service attack to eDirectory versions prior to 9.1.

21 Mar 2018
3.1
CVSS
CVE-2018-1345MEDIUM

NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.

21 Mar 2018
5.9
CVSS
CVE-2018-1344LOW

Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1

21 Mar 2018
3.1
CVSS
CVE-2018-7678LOW

A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.

14 Mar 2018
3.5
CVSS
CVE-2018-7677LOW

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.

14 Mar 2018
3.5
CVSS
CVE-2018-1343CRITICAL

PAM exposure enabling unauthenticated access to remote host

6 Mar 2018
9.8
CVSS
CVE-2017-7437MEDIUM

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.

5 Mar 2018
4.6
CVSS
CVE-2017-7427MEDIUM

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins.

5 Mar 2018
5.4
CVSS
CVE-2017-9285MEDIUM

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.

2 Mar 2018
5.4
CVSS
CVE-2017-9280MEDIUM

Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

2 Mar 2018
4.3
CVSS
CVE-2017-9279LOW

NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.

2 Mar 2018
2.0
CVSS
CVE-2017-9278LOW

The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

2 Mar 2018
3.3
CVSS
CVE-2017-9276MEDIUM

Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.

2 Mar 2018
5.4
CVSS
CVE-2017-7438MEDIUM

NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.

2 Mar 2018
4.6
CVSS
CVE-2017-7434LOW

In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.

2 Mar 2018
3.3
CVSS
CVE-2017-7429HIGH

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

2 Mar 2018
8.8
CVSS
CVE-2017-7419MEDIUM

A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.

2 Mar 2018
4.6
CVSS
CVE-2017-5189MEDIUM

NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

2 Mar 2018
4.3
CVSS
CVE-2017-14802MEDIUM

Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.

2 Mar 2018
5.4
CVSS
CVE-2017-14801MEDIUM

Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.

2 Mar 2018
4.6
CVSS
CVE-2017-7426MEDIUM

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.

1 Mar 2018
5.4
CVSS
CVE-2017-14800MEDIUM

A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.

1 Mar 2018
5.4
CVSS
CVE-2017-14799MEDIUM

A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.

1 Mar 2018
4.6
CVSS
CVE-2018-1342CRITICAL

A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.

26 Jan 2018
9.8
CVSS
CVE-2017-14803CRITICAL

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.

20 Jan 2018
9.8
CVSS
CVE-2017-7425HIGH

Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.

6 Nov 2017
7.6
CVSS
CVE-2017-7432CRITICAL

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.

3 May 2017
9.8
CVSS
CVE-2017-7431HIGH

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

3 May 2017
8.8
CVSS
CVE-2017-7430MEDIUM

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

3 May 2017
6.1
CVSS
CVE-2017-7428MEDIUM

NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.

3 May 2017
5.3
CVSS
CVE-2017-5186HIGH

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.

27 Apr 2017
7.5
CVSS
← PrevPage 1 / 2Next →