VYPR

Imanager

by Novell

CVEs (33)

  • CVE-2017-7432CriMay 3, 2017
    risk 0.64cvss 9.8epss 0.02

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.

  • CVE-2017-7431HigMay 3, 2017
    risk 0.57cvss 8.8epss 0.01

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2017-5186HigApr 27, 2017
    risk 0.49cvss 7.5epss 0.01

    Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.

  • CVE-2017-7430MedMay 3, 2017
    risk 0.40cvss 6.1epss 0.01

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

  • CVE-2018-1345MedMar 21, 2018
    risk 0.38cvss 5.9epss 0.01

    NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.

  • CVE-2010-1930Jun 28, 2010
    risk 0.04cvss epss 0.08

    Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.

  • CVE-2010-1929Jun 28, 2010
    risk 0.04cvss epss 0.16

    Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID…

  • CVE-2004-0112Nov 23, 2004
    risk 0.01cvss epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2004-0081Nov 23, 2004
    risk 0.01cvss epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2020-11859Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3

  • CVE-2024-4429May 28, 2024
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.

  • CVE-2024-3969May 28, 2024
    risk 0.00cvss epss 0.01

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload

  • CVE-2024-3488May 15, 2024
    risk 0.00cvss epss 0.00

    File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.

  • CVE-2024-3487May 15, 2024
    risk 0.00cvss epss 0.00

    Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.

  • CVE-2024-3486May 15, 2024
    risk 0.00cvss epss 0.00

    XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.

  • CVE-2024-3485May 15, 2024
    risk 0.00cvss epss 0.00

    Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure.

  • CVE-2024-3484May 15, 2024
    risk 0.00cvss epss 0.01

    Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.

  • CVE-2024-3483May 15, 2024
    risk 0.00cvss epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

  • CVE-2024-3967May 15, 2024
    risk 0.00cvss epss 0.01

    Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.

Page 1 of 2