Vulnerabilities > Microfocus > Access Manager > 4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-22525 | Unspecified vulnerability in Microfocus Access Manager This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 | 5.5 |
| 2021-03-26 | CVE-2021-22506 | Unspecified vulnerability in Microfocus Access Manager Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. | 7.5 |
| 2021-03-26 | CVE-2020-25840 | Cross-site Scripting vulnerability in Microfocus Access Manager Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. | 6.1 |
| 2021-03-25 | CVE-2021-22496 | Improper Authentication vulnerability in Microfocus Access Manager Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. | 7.5 |
| 2018-11-20 | CVE-2018-17948 | Open Redirect vulnerability in Microfocus Access Manager An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | 6.1 |
| 2014-12-23 | CVE-2014-9412 | Cross-Site Scripting vulnerability in Microfocus Access Manager 4.0/4.0.1 Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216. | 4.3 |
| 2014-12-23 | CVE-2014-5217 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Access Manager 4.0/4.0.1 Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action. | 6.8 |
| 2014-12-23 | CVE-2014-5216 | Cross-Site Scripting vulnerability in Microfocus Access Manager 4.0/4.0.1 Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412. | 4.3 |
| 2014-12-23 | CVE-2014-5215 | Information Exposure vulnerability in Microfocus Access Manager 4.0/4.0.1 NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp. | 4.0 |
| 2014-12-23 | CVE-2014-5214 | Unspecified vulnerability in Microfocus Access Manager 4.0/4.0.1 nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.0 |