Vulnerabilities > Netiq

DATE CVE VULNERABILITY TITLE RISK
2016-10-27 CVE-2016-1592 Cross-site Scripting vulnerability in Netiq Identity Manager 4.5
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
network
low complexity
netiq CWE-79
6.1
2016-10-27 CVE-2015-0787 Cross-site Scripting vulnerability in Netiq Identity Manager 4.5
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
network
low complexity
netiq CWE-79
6.1
2016-08-01 CVE-2016-1605 Path Traversal vulnerability in Netiq Sentinel 7.4/7.4.1
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.
network
low complexity
netiq CWE-22
6.5
2014-06-21 CVE-2014-4509 Local Command Injection vulnerability in Netiq Identity Manager 4.0.2
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.
local
low complexity
netiq
4.6
2007-08-25 CVE-2007-4526 Credentials Management vulnerability in multiple products
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.
local
low complexity
netiq novell CWE-255
2.1
2006-09-14 CVE-2006-4803 Unspecified vulnerability in Netiq Identity Manager 3.0.1
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
local
low complexity
netiq
7.2
2006-08-31 CVE-2006-4506 Unspecified vulnerability in Netiq Identity Manager 3.0.1
idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.
local
low complexity
netiq
3.6