Vulnerabilities > Netiq > Access Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-20 | CVE-2017-14803 | Unspecified vulnerability in Netiq Access Manager 4.3/4.4 In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. | 9.8 |
| 2017-04-24 | CVE-2017-5191 | Cross-site Scripting vulnerability in Netiq Access Manager 4.2/4.3 An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | 6.1 |
| 2017-04-20 | CVE-2017-5183 | Cross-site Scripting vulnerability in Netiq Access Manager 4.2.2/4.3/4.3.1 NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | 6.1 |
| 2017-04-20 | CVE-2017-5190 | Information Exposure vulnerability in Netiq Access Manager 4.1/4.2/4.3 NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. | 3.1 |
| 2017-03-23 | CVE-2016-5758 | Cross-Site Request Forgery (CSRF) vulnerability in Netiq Access Manager 4.1/4.2 A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | 8.8 |
| 2017-03-23 | CVE-2016-5757 | Information Exposure vulnerability in Netiq Access Manager 4.1/4.2 iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. | 9.8 |
| 2017-03-23 | CVE-2016-5756 | Cross-site Scripting vulnerability in Netiq Access Manager 4.1/4.2 Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. | 6.1 |
| 2017-03-23 | CVE-2016-5755 | Improper Input Validation vulnerability in Netiq Access Manager 4.1/4.2 NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. | 6.5 |
| 2017-03-23 | CVE-2016-5754 | Information Exposure vulnerability in Netiq Access Manager 4.1/4.2 Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | 7.5 |
| 2017-03-23 | CVE-2016-5752 | Information Exposure vulnerability in Netiq Access Manager 4.1/4.2 The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. | 7.5 |