VYPR

Access Manager

by Micro Focus

CVEs (43)

  • CVE-2017-14802 | Med | Mar 2, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.

  • CVE-2017-14800 | Med | Mar 1, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    A reflected cross-site scripting attack in NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users.

  • CVE-2017-7419 | Med | Mar 2, 2018
    risk 0.30 | cvss 4.6 | epss 0.01

    An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross-site scripting attacks due to an unescaped "description" field that could be specified by the provider.

  • CVE-2017-14801 | Med | Mar 2, 2018
    risk 0.30 | cvss 4.6 | epss 0.01

    Reflected XSS in NetIQ Access Manager before 4.3.3 allowed attackers to reflect back XSS into the called page using the url parameter.

  • CVE-2017-14799 | Med | Mar 1, 2018
    risk 0.30 | cvss 4.6 | epss 0.01

    A cross-site scripting attack in the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject JavaScript code into the login page.

  • CVE-2018-7678 | Low | Mar 14, 2018
    risk 0.23 | cvss 3.5 | epss 0.01

    A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.

  • CVE-2018-7677 | Low | Mar 14, 2018
    risk 0.23 | cvss 3.5 | epss 0.01

    A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.

  • CVE-2017-5190 | Low | Apr 20, 2017
    risk 0.20 | cvss 3.1 | epss 0.01

    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.

  • CVE-2014-9412 | Dec 23, 2014
    risk 0.03 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to…

  • CVE-2014-5216 | Dec 23, 2014
    risk 0.03 | cvss | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to…

  • CVE-2000-0516 | Jun 6, 2000
    risk 0.03 | cvss | epss 0.01

    When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

  • CVE-2021-22531 | May 12, 2022
    risk 0.00 | cvss | epss 0.01

    A bug exists in the input parameter of Access Manager that allows an invalid character to be supplied to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0.

  • CVE-2020-25840 | Mar 26, 2021
    risk 0.00 | cvss | epss 0.01

    A cross-site scripting vulnerability in the Micro Focus Access Manager product affects all versions prior to version 5.0. The vulnerability could cause configuration destruction.

  • CVE-2021-22496 | Mar 25, 2021
    risk 0.00 | cvss | epss 0.01

    An authentication bypass vulnerability in the Micro Focus Access Manager product affects all versions prior to version 4.5.3.3. The vulnerability could cause information leakage.

  • CVE-2018-18255 | Mar 15, 2019
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate with this server through named pipes. A user can initiate communication with the server by creating a named pipe and sending commands to achieve…

  • CVE-2018-18252 | Mar 15, 2019
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivileged users via the --system option.

  • CVE-2018-18254 | Mar 15, 2019
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom App Launcher (CAL) database, and potentially gain privileges by placing a Trojan horse program at an app pathname.

  • CVE-2018-18253 | Mar 15, 2019
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an unprivileged user to the local Administrators group for a very short time to execute a single command. However, the user is left in that group if the…

  • CVE-2018-18256 | Mar 15, 2019
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run any whitelisted application through the Custom App Launcher.

  • CVE-2014-5217 | Dec 23, 2014
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via…