RSS   Vulnerabilities for 'Identity manager'   RSS

2018-03-28
 
CVE-2018-7676

CWE-200
 

 
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.

 
 
CVE-2018-7674

CWE-601
 

 
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.

 
2018-03-26
 
CVE-2018-7673

CWE-noinfo
 

 
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.

 
 
CVE-2018-1350

CWE-532
 

 
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.

 
 
CVE-2018-1349

CWE-532
 

 
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.

 
 
CVE-2018-1348

CWE-310
 

 
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.

 
2016-10-27
 
CVE-2016-1592

CWE-79
 

 
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.

 
 
CVE-2015-0787

CWE-79
 

 
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.

 
2014-06-21
 
CVE-2014-4509

CWE-Other
 

 
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

 
2007-08-24
 
CVE-2007-4526

CWE-255
 

 
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file.

 


Copyright 2019, cxsecurity.com

 

Back to Top