Vulnerabilities > Netiq > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-06 | CVE-2018-1343 | Improper Authentication vulnerability in Netiq Privileged Account Manager PAM exposure enabling unauthenticated access to remote host | 9.8 |
| 2018-03-02 | CVE-2017-9285 | Improper Authentication vulnerability in multiple products NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
| 2018-03-02 | CVE-2017-9278 | Information Exposure Through Log Files vulnerability in Netiq Identity Manager The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | 9.8 |
| 2018-03-02 | CVE-2017-7434 | Information Exposure Through Log Files vulnerability in Netiq Identity Manager 4.5 In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles. | 9.8 |
| 2018-03-01 | CVE-2017-7426 | XXE vulnerability in Netiq Identity Manager 4.5/4.6 The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks. | 9.1 |
| 2018-01-26 | CVE-2018-1342 | Unrestricted Upload of File with Dangerous Type vulnerability in Netiq Access Manager 4.3/4.4 A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. | 9.8 |
| 2018-01-20 | CVE-2017-14803 | Unspecified vulnerability in Netiq Access Manager 4.3/4.4 In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. | 9.8 |
| 2017-05-03 | CVE-2017-7432 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | 9.8 |
| 2017-03-23 | CVE-2016-5757 | Information Exposure vulnerability in Netiq Access Manager 4.1/4.2 iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. | 9.8 |