Edirectory
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25675 | Hig | 0.53 | 8.2 | 0.01 | Apr 5, 2026 | eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with… | ||
| CVE-2018-7692 | Med | 0.40 | 6.1 | 0.01 | Aug 9, 2018 | Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | ||
| CVE-2021-22503 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000. | |||
| CVE-2021-22532 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. | |||
| CVE-2021-22533 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | |||
| CVE-2021-38131 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | |||
| CVE-2021-38132 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | |||
| CVE-2021-38133 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | |||
| CVE-2016-9166 | 0.00 | — | 0.01 | Mar 18, 2019 | NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. | |||
| CVE-2018-17950 | 0.00 | — | 0.01 | Dec 12, 2018 | Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | |||
| CVE-2018-17952 | 0.00 | — | 0.01 | Dec 12, 2018 | Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 |
- risk 0.53cvss 8.2epss 0.01
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with…
- risk 0.40cvss 6.1epss 0.01
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
- CVE-2021-22503Sep 12, 2024risk 0.00cvss —epss 0.00
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.
- CVE-2021-22532Sep 12, 2024risk 0.00cvss —epss 0.00
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.
- CVE-2021-22533Sep 12, 2024risk 0.00cvss —epss 0.00
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
- CVE-2021-38131Sep 12, 2024risk 0.00cvss —epss 0.00
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.
- CVE-2021-38132Sep 12, 2024risk 0.00cvss —epss 0.00
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
- CVE-2021-38133Sep 12, 2024risk 0.00cvss —epss 0.00
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
- CVE-2016-9166Mar 18, 2019risk 0.00cvss —epss 0.01
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
- CVE-2018-17950Dec 12, 2018risk 0.00cvss —epss 0.01
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
- CVE-2018-17952Dec 12, 2018risk 0.00cvss —epss 0.01
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2