Vulnerabilities > Microfocus > Edirectory > 8.8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-12 | CVE-2018-17952 | Cross-site Scripting vulnerability in Microfocus Edirectory Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | 6.1 |
2018-12-12 | CVE-2018-17950 | Incorrect Authorization vulnerability in Microfocus Edirectory Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | 7.5 |
2018-08-09 | CVE-2018-7692 | Open Redirect vulnerability in Microfocus Edirectory Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | 6.1 |
2018-08-09 | CVE-2018-7686 | Information Exposure vulnerability in Microfocus Edirectory Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | 7.5 |
2018-03-02 | CVE-2017-9285 | Improper Authentication vulnerability in multiple products NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
2018-03-02 | CVE-2017-7429 | Improper Certificate Validation vulnerability in multiple products The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | 8.8 |