Vulnerabilities for Access manager (...) - CXSECURITY.COM

Vulnerabilities for 'Access manager'

2010-06-18

CVE-2010-0284

CWE-22

Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.

2010-05-26

CVE-2009-4879

CWE-287

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

CVE-2009-4878

CWE-noinfo

Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.

2009-04-14

CVE-2008-6722

CWE-200

Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.

2007-07-05

CVE-2007-3570

The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.

2007-03-06

CVE-2007-1309

CWE-264

Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.

>>> Vendor: Novell 111 Products

Netware ftp server

Groupwise webaccess

Small business suite

Zenworks desktops

Internet messaging system

Client firewall

Zenworks remote management

Zenworks server management

Zenworks servers

Open enterprise server

Zenworks patch management server

Groupwise messenger

Identity manager

Zenworks asset management

Apache http server

Access manager identity server

Access manager

Extend director

Modular authentication service

Client login extension (cle)

Zenworks endpoint security management

Zenworks patch management update agent

Challenge response client

Novell client for windows

Zenworks desktop management

Identity manager roles based provisioning module

User application

Netidentity client1.2.3

Suse linux enterprise server

Suse lifecycle management server

Zenworks configuration management

Zenworks handheld management

Zenworks configuration manager

Iprint open enterprise server

Opensuse build service

Suse linux enterprise

Opensuse factory

Identity manager user application

Xtier framework

Data synchronizer

File reporter engine

Suse studio onsite

Iprint open enterprise server 2

Sentinel log manager

Suse audit log keeper

Zenworks mobile management

Suse linux enterprise desktop

Suse linux software development kit

Suse linux enterprise for sap applications

Suse linux enterprise software development kit

Suse linux for vmware

Suse linux enterprise module for legacy software

Suse manager proxy

Suse openstack cloud

Suse package hub for suse linux enterprise

Suse linux enterprise debuginfo

Suse linux enterprise real time extension

Suse linux enterprise live patching

See all Products for Vendor Novell

Copyright 2024, cxsecurity.com