Vulnerabilities > Netiq > Imanager > 3.0.1

DATE CVE VULNERABILITY TITLE RISK
2017-05-03 CVE-2017-7432 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
network
low complexity
novell netiq
critical
 9.8
9.8
2017-05-03 CVE-2017-7431 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
network
low complexity
novell netiq CWE-352
8.8
8.8
2017-05-03 CVE-2017-7430 Cross-site Scripting vulnerability in multiple products
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.
network
low complexity
novell netiq CWE-79
6.1
6.1
2017-05-03 CVE-2017-7428 Improper Input Validation vulnerability in Netiq Imanager
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.
network
low complexity
netiq CWE-20
5.3
5.3
2017-04-27 CVE-2017-5186 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
network
low complexity
netiq novell CWE-327
7.5
7.5