RSS   Vulnerabilities for 'Access manager'   RSS

2010-06-18
 
CVE-2010-0284

CWE-22
 

 
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.

 
2010-05-26
 
CVE-2009-4879

CWE-287
 

 
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

 
 
CVE-2009-4878

CWE-noinfo
 

 
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.

 
2009-04-14
 
CVE-2008-6722

CWE-200
 

 
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.

 
2007-07-05
 
CVE-2007-3570

 

 
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.

 
2007-03-06
 
CVE-2007-1309

CWE-264
 

 
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.

 

 >>> Vendor: Novell 111 Products
Unixware
Http server
Web server
Suse linux
Netware
Groupwise
Netware client
Bordermanager
Client
Netware ftp server
Groupwise webaccess
Messenger
Web search
Netmail
Netmail xe
Emframe
Small business suite
Edirectory
Ichain
LEAP
Zenworks desktops
Imanager
Client firewall
Internet messaging system
Linux desktop
Nsure audit
Zenworks
Zenworks remote management
Zenworks server management
Zenworks servers
Open enterprise server
Zenworks patch management server
Groupwise messenger
Imonitor
Identity manager
Zenworks asset management
Apache http server
Access manager identity server
Access manager
Securelogin
Opensuse
Extend director
Modular authentication service
Client login extension (cle)
Zenworks endpoint security management
Opensuse swamp
Zenworks patch management update agent
Challenge response client
Novell client for windows
Apparmor
Iprint
Iprint client
Novell forum
Service desk
Zenworks desktop management
Identity manager roles based provisioning module
User application
Teaming
Netidentity client1.2.3
Suse linux enterprise server
Suse lifecycle management server
Zenworks configuration management
Moonlight
Zenworks handheld management
Vibe onprem
Zenworks configuration manager
Iprint open enterprise server
Opensuse build service
File reporter
Suse linux enterprise
Opensuse factory
Identity manager user application
Xtier framework
Data synchronizer
Mobility pack
File reporter engine
Suse studio onsite
Cloud manager
Iprint open enterprise server 2
Sentinel log manager
Suse audit log keeper
Zenworks mobile management
Kanaka
Suse linux enterprise desktop
Libzypp
Suse linux software development kit
Suse manager
Suse linux enterprise for sap applications
Suse cloud
Suse linux enterprise software development kit
Suse linux for vmware
Suse linux sdk
FILR
Suse linux enterprise module for legacy software
Suse manager proxy
Suse openstack cloud
Suse package hub for suse linux enterprise
Suse linux enterprise live patching
Suse linux enterprise module for public cloud
Suse linux enterprise workstation extension
See all Products for Vendor Novell


Copyright 2024, cxsecurity.com

 

Back to Top