Access Manager
by Novell
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-35587 | | | 0.23 | — | 0.96 | KEV | Jan 19, 2022 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via… |
| CVE-2021-22506 | | | 0.13 | — | 0.26 | KEV | Mar 26, 2021 | Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. |
| CVE-2022-43672 | | | 0.03 | — | 0.67 | | Nov 12, 2022 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). |
| CVE-2022-40300 | | | 0.03 | — | 0.99 | | Sep 16, 2022 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. |
| CVE-2010-0284 | | | 0.01 | — | 0.06 | | Jun 18, 2010 | Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create… |
| CVE-2020-11843 | | | 0.00 | — | 0.00 | | Jun 11, 2024 | This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before. |
| CVE-2023-49961 | | | 0.00 | — | 0.00 | | Jan 8, 2024 | WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. |
| CVE-2023-2291 | | | 0.00 | — | 0.01 | | Apr 26, 2023 | Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their… |
| CVE-2023-23592 | | | 0.00 | — | 0.01 | | Feb 9, 2023 | WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. |
| CVE-2020-2745 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… |
| CVE-2020-2747 | | | 0.00 | — | 0.01 | | Apr 15, 2020 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise… |
| CVE-2009-4879 | | | 0.00 | — | 0.01 | | May 26, 2010 | The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions. |
| CVE-2009-4878 | | | 0.00 | — | 0.01 | | May 26, 2010 | Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors. |
| CVE-2008-6722 | | | 0.00 | — | 0.00 | | Apr 14, 2009 | Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of… |
| CVE-2007-3570 | | | 0.00 | — | 0.02 | | Jul 5, 2007 | The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. |
| CVE-2007-1309 | | | 0.00 | — | 0.02 | | Mar 7, 2007 | Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. |