Vulnerabilities > NetIQ
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-03-14 | CVE-2018-7677 | Cross-Site Request Forgery (CSRF) vulnerability in NetIQ Access Manager 4.4 | A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. | 8.8 |
2018-03-06 | CVE-2018-1343 | Improper Authentication vulnerability in NetIQ Privileged Account Manager | PAM exposure enabling unauthenticated access to remote host | 9.8 |
2018-03-05 | CVE-2017-7437 | Cross-site Scripting vulnerability in NetIQ Privileged Account Manager 3.1 | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via the "type" and "account" parameters of JSON requests. | 6.1 |
2018-03-05 | CVE-2017-7427 | Cross-site Scripting vulnerability in NetIQ Identity Manager 4.5/4.6 | Multiple cross-site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. | 6.1 |
2018-03-02 | CVE-2017-9285 | Improper Authentication vulnerability in multiple products | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
2018-03-02 | CVE-2017-9280 | Information Exposure vulnerability in NetIQ Identity Manager 4.5 | Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, Referer URLs or similar. | 7.5 |
2018-03-02 | CVE-2017-9279 | Improper Input Validation vulnerability in NetIQ Identity Manager 4.5 | NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. | 7.2 |
2018-03-02 | CVE-2017-9278 | Information Exposure Through Log Files vulnerability in NetIQ Identity Manager | The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | 9.8 |
2018-03-02 | CVE-2017-9276 | Cross-site Scripting vulnerability in NetIQ Access Manager | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross-site scripting content could be reflected back into the result page using the "a" parameter. | 6.1 |
2018-03-02 | CVE-2017-7438 | Cross-site Scripting vulnerability in NetIQ Privileged Account Manager 3.1 | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via JavaScript DOM modification using the supplied cookie parameter. | 6.1 |