Vulnerabilities > Netiq > Identity Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-26 | CVE-2017-9284 | Information Exposure vulnerability in Netiq Identity Manager 4.6/4.6.1/4.6.2 IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | 7.5 |
| 2018-03-26 | CVE-2018-7673 | Unspecified vulnerability in Netiq Identity Manager 4.5 The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | 7.5 |
| 2018-03-26 | CVE-2018-1348 | Unspecified vulnerability in Netiq Identity Manager 4.5 NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. | 7.4 |
| 2018-03-02 | CVE-2017-9280 | Information Exposure vulnerability in Netiq Identity Manager 4.5 Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar. | 7.5 |
| 2018-03-02 | CVE-2017-9279 | Improper Input Validation vulnerability in Netiq Identity Manager 4.5 NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. | 7.2 |
| 2006-09-14 | CVE-2006-4803 | Unspecified vulnerability in Netiq Identity Manager 3.0.1 The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." | 7.2 |