VYPR

Access Manager

by Novell

CVEs (16)

  • CVE-2021-35587KEVJan 19, 2022
    risk 0.23cvss epss 0.96

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via…

  • CVE-2021-22506KEVMar 26, 2021
    risk 0.13cvss epss 0.26

    Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

  • CVE-2022-43672Nov 12, 2022
    risk 0.03cvss epss 0.67

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

  • CVE-2022-40300Sep 16, 2022
    risk 0.03cvss epss 0.99

    Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

  • CVE-2010-0284Jun 18, 2010
    risk 0.01cvss epss 0.06

    Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create…

  • CVE-2020-11843Jun 11, 2024
    risk 0.00cvss epss 0.00

    This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before

  • CVE-2023-49961Jan 8, 2024
    risk 0.00cvss epss 0.00

    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.

  • CVE-2023-2291Apr 26, 2023
    risk 0.00cvss epss 0.01

    Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their…

  • CVE-2023-23592Feb 9, 2023
    risk 0.00cvss epss 0.01

    WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.

  • CVE-2020-2745Apr 15, 2020
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2020-2747Apr 15, 2020
    risk 0.00cvss epss 0.01

    Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…

  • CVE-2009-4879May 26, 2010
    risk 0.00cvss epss 0.01

    The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

  • CVE-2009-4878May 26, 2010
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.

  • CVE-2008-6722Apr 14, 2009
    risk 0.00cvss epss 0.00

    Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of…

  • CVE-2007-3570Jul 5, 2007
    risk 0.00cvss epss 0.02

    The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.

  • CVE-2007-1309Mar 7, 2007
    risk 0.00cvss epss 0.02

    Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.