Vulnerabilities > Microfocus > Edirectory > 8.8.6.2

DATE CVE VULNERABILITY TITLE RISK
2018-12-12 CVE-2018-17952 Cross-site Scripting vulnerability in Microfocus Edirectory
Cross-site scripting vulnerability in eDirectory prior to 9.1 SP2
network
low complexity
microfocus CWE-79
6.1
2018-12-12 CVE-2018-17950 Incorrect Authorization vulnerability in Microfocus Edirectory
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
network
low complexity
microfocus CWE-863
7.5
2018-08-09 CVE-2018-7692 Open Redirect vulnerability in Microfocus Edirectory
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
network
low complexity
microfocus CWE-601
6.1
2018-08-09 CVE-2018-7686 Information Exposure vulnerability in Microfocus Edirectory
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
network
low complexity
microfocus CWE-200
7.5
2018-03-02 CVE-2017-9285 Improper Authentication vulnerability in multiple products
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
network
low complexity
netiq microfocus CWE-287
critical
9.8
2018-03-02 CVE-2017-7429 Improper Certificate Validation vulnerability in multiple products
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
network
low complexity
netiq microfocus CWE-295
8.8
2012-12-25 CVE-2012-0430 Unspecified vulnerability in Microfocus Edirectory
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
network
low complexity
microfocus
6.4
2012-12-25 CVE-2012-0429 Unspecified vulnerability in Microfocus Edirectory
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
network
low complexity
microfocus
4.0
2012-12-25 CVE-2012-0428 Cross-Site Scripting vulnerability in Microfocus Edirectory
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
microfocus CWE-79
4.3