eDirectory
by Microfocus
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7429 | | Hig | 0.57 | 8.8 | 0.01 | | Mar 2, 2018 | The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. |
| CVE-2018-7686 | | Hig | 0.49 | 7.5 | 0.01 | | Aug 9, 2018 | Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. |
| CVE-2017-5186 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 27, 2017 | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. |
| CVE-2017-9285 | | Med | 0.35 | 5.4 | 0.01 | | Mar 2, 2018 | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. |
| CVE-2018-12461 | | Low | 0.23 | 3.5 | 0.00 | | Jul 10, 2018 | Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. |
| CVE-2018-1346 | | Low | 0.20 | 3.1 | 0.01 | | Mar 21, 2018 | Addresses denial of service attack to eDirectory versions prior to 9.1. |
| CVE-2012-0432 | | | 0.08 | — | 0.59 | | Dec 25, 2012 | Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. |
| CVE-2012-0430 | | | 0.00 | — | 0.02 | | Dec 25, 2012 | Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. |
| CVE-2012-0429 | | | 0.00 | — | 0.02 | | Dec 25, 2012 | dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. |
| CVE-2012-0428 | | | 0.00 | — | 0.02 | | Dec 25, 2012 | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |