Vulnerabilities for Identity manager (...) - CXSECURITY.COM

Vulnerabilities for 'Identity manager'

2018-03-28

CVE-2018-7676

CWE-200

The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.

CVE-2018-7674

CWE-601

The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.

2018-03-26

CVE-2018-7673

CWE-noinfo

The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.

CVE-2018-1350

CWE-532

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.

CVE-2018-1349

CWE-532

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.

CVE-2018-1348

CWE-noinfo

NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.

2016-10-27

CVE-2016-1592

CWE-79

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.

CVE-2015-0787

CWE-79

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.

2014-06-21

CVE-2014-4509

CWE-Other

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

2007-08-24

CVE-2007-4526

CWE-255

The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

Copyright 2024, cxsecurity.com