Search

Find a vulnerability

Search criteria

    48 vulnerabilities found for access_manager by netiq

    CVE-2020-11843 (GCVE-0-2020-11843)

    Vulnerability from nvd – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
    VLAI
    Title
    Potential information leakage in administrator enabled debug mode
    Summary
    This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    OpenText NetIQ Access Manager Affected: 4.5 , < < (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:48:24.994478Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T19:48:33.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "NetIQ Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "4.5",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
                }
              ],
              "value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-410",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-410 Information Elicitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T07:23:38.502Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
            },
            {
              "url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential information leakage in administrator enabled debug mode",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11843",
        "datePublished": "2024-06-11T07:23:38.502Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7678 (GCVE-0-2018-7678)

    Vulnerability from nvd – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
    VLAI
    Title
    XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
    Summary
    A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
    CWE
    • XSS
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ NetIQ Access Manager (NAM) Admin Console Affected: Access Manager 4.4
    Affected: Access Manager 4.3
    Create a notification for this product.
    Date Public
    2018-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
              },
              {
                "name": "103421",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103421"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager (NAM) Admin Console",
              "vendor": "NetIQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "Access Manager 4.4"
                },
                {
                  "status": "affected",
                  "version": "Access Manager 4.3"
                }
              ]
            }
          ],
          "datePublic": "2018-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:07.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
            },
            {
              "name": "103421",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103421"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "source": {
            "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
            "defect": [
              "XSS",
              "vulnerability"
            ],
            "discovery": "INTERNAL"
          },
          "title": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-7678",
              "STATE": "PUBLIC",
              "TITLE": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager (NAM) Admin Console",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "Access Manager",
                                "version_value": "4.4"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "Access Manager",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/support/kb/doc.php?id=7022724",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
                },
                {
                  "name": "103421",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103421"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ],
            "source": {
              "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
              "defect": [
                "XSS",
                "vulnerability"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7678",
        "datePublished": "2018-03-14T15:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:31:05.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7677 (GCVE-0-2018-7677)

    Vulnerability from nvd – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
    VLAI
    Title
    CSRF in NetIQ Access Manager (NAM) Identity Server component
    Summary
    A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
    CWE
    • CSRF
    Assigner
    References
    Impacted products
    Date Public
    2018-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
              },
              {
                "name": "103420",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103420"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager (NAM) Admin Console",
              "vendor": "NetIQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "Access Manager 4.4"
                }
              ]
            }
          ],
          "datePublic": "2018-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:47.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
            },
            {
              "name": "103420",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103420"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "source": {
            "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
            "defect": [
              "CSRF"
            ],
            "discovery": "INTERNAL"
          },
          "title": "CSRF in NetIQ Access Manager (NAM) Identity Server component",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-7677",
              "STATE": "PUBLIC",
              "TITLE": "CSRF in NetIQ Access Manager (NAM) Identity Server component"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager (NAM) Admin Console",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "Access Manager",
                                "version_value": "4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CSRF"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/support/kb/doc.php?id=7022725",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
                },
                {
                  "name": "103420",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103420"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ],
            "source": {
              "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
              "defect": [
                "CSRF"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7677",
        "datePublished": "2018-03-14T15:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:31:05.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9276 (GCVE-0-2017-9276)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:48
    VLAI
    Title
    XSS Vulnerability in iManager
    Summary
    Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: unspecified , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022359"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:33.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022359"
            }
          ],
          "source": {
            "advisory": "7022359",
            "defect": [
              "1044115"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "XSS Vulnerability in iManager",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-9276",
              "STATE": "PUBLIC",
              "TITLE": "XSS Vulnerability in iManager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022359",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022359"
                }
              ]
            },
            "source": {
              "advisory": "7022359",
              "defect": [
                "1044115"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-9276",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-05-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:48:57.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7419 (GCVE-0-2017-7419)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 17:29
    VLAI
    Title
    NetIQ Access Manager OAuth Consent screen XSS attack
    Summary
    A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
    CWE
    • cross site scripting attack
    • CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.2 (custom)
    Affected: 4.2 , < 4.2.4 (custom)
    Create a notification for this product.
    Date Public
    2017-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7019893"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.2",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.4",
                  "status": "affected",
                  "version": "4.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross site scripting attack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:40.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7019893"
            }
          ],
          "source": {
            "advisory": "7019893",
            "defect": [
              "1031853"
            ],
            "discovery": "INTERNAL"
          },
          "title": "NetIQ Access Manager OAuth Consent screen XSS attack",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-06-09T00:00:00.000Z",
              "ID": "CVE-2017-7419",
              "STATE": "PUBLIC",
              "TITLE": "NetIQ Access Manager OAuth Consent screen XSS attack"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.2"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.2",
                                "version_value": "4.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross site scripting attack"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1031853",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
                },
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7019893",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7019893"
                }
              ]
            },
            "source": {
              "advisory": "7019893",
              "defect": [
                "1031853"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-7419",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:29:02.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14802 (GCVE-0-2017-14802)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 02:41
    VLAI
    Title
    Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
    Summary
    Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
    CWE
    • redirect to untrusted sites
    • CWE-601
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:39.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022360"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "redirect to untrusted sites",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:26.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022360"
            }
          ],
          "source": {
            "advisory": "7022360",
            "discovery": "EXTERNAL"
          },
          "title": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14802",
              "STATE": "PUBLIC",
              "TITLE": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "redirect to untrusted sites"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-601"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022360",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022360"
                }
              ]
            },
            "source": {
              "advisory": "7022360",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14802",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:41:52.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14801 (GCVE-0-2017-14801)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Reflected xss in Admin Console REST interface
    Summary
    Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
    CWE
    • Reflected cross site scripting
    • CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:39.941Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022357"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected cross site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:26.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022357"
            }
          ],
          "source": {
            "advisory": "7022357",
            "discovery": "UNKNOWN"
          },
          "title": "Reflected xss in Admin Console REST interface",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14801",
              "STATE": "PUBLIC",
              "TITLE": "Reflected xss in Admin Console REST interface"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected cross site scripting"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022357",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022357"
                }
              ]
            },
            "source": {
              "advisory": "7022357",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14801",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:50.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14800 (GCVE-0-2017-14800)

    Vulnerability from nvd – Published: 2018-03-01 19:00 – Updated: 2024-09-16 20:31
    VLAI
    Title
    Reflected xss on Access Manager iManager UI
    Summary
    A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
    CWE
    • reflected cross site scripting attack
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:40.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected cross site scripting attack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:51.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022356"
            }
          ],
          "source": {
            "advisory": "7022356",
            "discovery": "UNKNOWN"
          },
          "title": "Reflected xss on Access Manager iManager UI",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14800",
              "STATE": "PUBLIC",
              "TITLE": "Reflected xss on Access Manager iManager UI"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected cross site scripting attack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022356",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022356"
                }
              ]
            },
            "source": {
              "advisory": "7022356",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14800",
        "datePublished": "2018-03-01T19:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:45.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14799 (GCVE-0-2017-14799)

    Vulnerability from nvd – Published: 2018-03-01 19:00 – Updated: 2024-09-16 17:23
    VLAI
    Title
    XSS Vulnerability with ESP URL
    Summary
    A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
    CWE
    • cross site scripting attack in the login parameter handling due to incorrect quoting
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:40.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross site scripting attack in the login parameter handling due to incorrect quoting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:07.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022358"
            }
          ],
          "source": {
            "advisory": "7022358",
            "discovery": "EXTERNAL"
          },
          "title": "XSS Vulnerability with ESP URL",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14799",
              "STATE": "PUBLIC",
              "TITLE": "XSS Vulnerability with ESP URL"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross site scripting attack in the login parameter handling due to incorrect quoting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022358",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022358"
                }
              ]
            },
            "source": {
              "advisory": "7022358",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14799",
        "datePublished": "2018-03-01T19:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:23:57.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1342 (GCVE-0-2018-1342)

    Vulnerability from nvd – Published: 2018-01-26 02:00 – Updated: 2024-09-16 16:43
    VLAI
    Summary
    A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary file upload to the Admin Console server
    Assigner
    References
    Impacted products
    Date Public
    2017-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:59:38.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager, Administrative Console",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "4.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary file upload to the Admin Console server",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:37.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-12-08T00:00:00",
              "ID": "CVE-2018-1342",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager, Administrative Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3"
                              },
                              {
                                "version_value": "4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary file upload to the Admin Console server"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022444",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-1342",
        "datePublished": "2018-01-26T02:00:00.000Z",
        "dateReserved": "2017-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:43:19.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14803 (GCVE-0-2017-14803)

    Vulnerability from nvd – Published: 2018-01-20 00:00 – Updated: 2024-09-16 23:06
    VLAI
    Summary
    In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal Information Disclosure Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus NetIQ Access Manager Affected: 4.3
    Affected: 4.4
    Create a notification for this product.
    Date Public
    2017-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:39.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "4.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal Information Disclosure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:32.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022443"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-12-08T00:00:00",
              "ID": "CVE-2017-14803",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3"
                              },
                              {
                                "version_value": "4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal Information Disclosure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022443",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022443"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14803",
        "datePublished": "2018-01-20T00:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:06:39.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5191 (GCVE-0-2017-5191)

    Vulnerability from nvd – Published: 2017-04-24 18:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3 Affected: NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3
    Date Public
    2017-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7018793"
              },
              {
                "name": "98093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3"
                }
              ]
            }
          ],
          "datePublic": "2017-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:25.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018793"
            },
            {
              "name": "98093",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98093"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2017-5191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7018793",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7018793"
                },
                {
                  "name": "98093",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98093"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-5191",
        "datePublished": "2017-04-24T18:00:00.000Z",
        "dateReserved": "2017-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5183 (GCVE-0-2017-5183)

    Vulnerability from nvd – Published: 2017-04-20 18:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
    Severity
    No CVSS data available.
    CWE
    • SAML2 mishandling
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Identity Server Affected: Identity Server
    Date Public
    2017-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7018509"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Server",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Identity Server"
                }
              ]
            }
          ],
          "datePublic": "2017-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SAML2 mishandling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:08.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018509"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2017-5183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Identity Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Identity Server"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SAML2 mishandling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7018509",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7018509"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-5183",
        "datePublished": "2017-04-20T18:00:00.000Z",
        "dateReserved": "2017-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5190 (GCVE-0-2017-5190)

    Vulnerability from nvd – Published: 2017-04-20 15:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.
    Severity
    No CVSS data available.
    CWE
    • Information leakage
    Assigner
    References
    URL Tags
    https://www.novell.com/support/kb/doc.php?id=7018792 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/97965 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038338 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a NAM Identity Server and SAML2 Service Provider Affected: NAM Identity Server and SAML2 Service Provider
    Date Public
    2017-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7018792"
              },
              {
                "name": "97965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97965"
              },
              {
                "name": "1038338",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038338"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAM Identity Server and SAML2 Service Provider",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "NAM Identity Server and SAML2 Service Provider"
                }
              ]
            }
          ],
          "datePublic": "2017-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:28.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018792"
            },
            {
              "name": "97965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97965"
            },
            {
              "name": "1038338",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038338"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2017-5190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAM Identity Server and SAML2 Service Provider",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NAM Identity Server and SAML2 Service Provider"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7018792",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7018792"
                },
                {
                  "name": "97965",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97965"
                },
                {
                  "name": "1038338",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038338"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-5190",
        "datePublished": "2017-04-20T15:00:00.000Z",
        "dateReserved": "2017-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5758 (GCVE-0-2016-5758)

    Vulnerability from nvd – Published: 2017-03-23 06:36 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.
    Severity
    No CVSS data available.
    CWE
    • cross site request forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a NetIQ Access Manager Affected: NetIQ Access Manager
    Date Public
    2017-03-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7017817"
              },
              {
                "name": "97035",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97035"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "NetIQ Access Manager"
                }
              ]
            }
          ],
          "datePublic": "2017-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:35.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7017817"
            },
            {
              "name": "97035",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97035"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "ID": "CVE-2016-5758",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NetIQ Access Manager"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7017817",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7017817"
                },
                {
                  "name": "97035",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97035"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-5758",
        "datePublished": "2017-03-23T06:36:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5757 (GCVE-0-2016-5757)

    Vulnerability from nvd – Published: 2017-03-23 06:36 – Updated: 2024-08-06 01:15
    VLAI
    Summary
    iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.
    Severity
    No CVSS data available.
    CWE
    • iFrame manipulation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a NetIQ Access Manager Affected: NetIQ Access Manager
    Date Public
    2017-03-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:15:10.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7017818"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "NetIQ Access Manager"
                }
              ]
            }
          ],
          "datePublic": "2017-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "iFrame manipulation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:56.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7017818"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "ID": "CVE-2016-5757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NetIQ Access Manager"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "iFrame manipulation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7017818",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7017818"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2016-5757",
        "datePublished": "2017-03-23T06:36:00.000Z",
        "dateReserved": "2016-06-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:15:10.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11843 (GCVE-0-2020-11843)

    Vulnerability from cvelistv5 – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
    VLAI
    Title
    Potential information leakage in administrator enabled debug mode
    Summary
    This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    OpenText NetIQ Access Manager Affected: 4.5 , < < (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-12T19:48:24.994478Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-12T19:48:33.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:42:00.107Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "NetIQ Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "4.5",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
                }
              ],
              "value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-410",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-410 Information Elicitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T07:23:38.502Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
            },
            {
              "url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential information leakage in administrator enabled debug mode",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11843",
        "datePublished": "2024-06-11T07:23:38.502Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-04T11:42:00.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7677 (GCVE-0-2018-7677)

    Vulnerability from cvelistv5 – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
    VLAI
    Title
    CSRF in NetIQ Access Manager (NAM) Identity Server component
    Summary
    A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
    CWE
    • CSRF
    Assigner
    References
    Impacted products
    Date Public
    2018-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.048Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
              },
              {
                "name": "103420",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103420"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager (NAM) Admin Console",
              "vendor": "NetIQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "Access Manager 4.4"
                }
              ]
            }
          ],
          "datePublic": "2018-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:47.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
            },
            {
              "name": "103420",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103420"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "source": {
            "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
            "defect": [
              "CSRF"
            ],
            "discovery": "INTERNAL"
          },
          "title": "CSRF in NetIQ Access Manager (NAM) Identity Server component",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-7677",
              "STATE": "PUBLIC",
              "TITLE": "CSRF in NetIQ Access Manager (NAM) Identity Server component"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager (NAM) Admin Console",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "Access Manager",
                                "version_value": "4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CSRF"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/support/kb/doc.php?id=7022725",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/support/kb/doc.php?id=7022725"
                },
                {
                  "name": "103420",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103420"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ],
            "source": {
              "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022725",
              "defect": [
                "CSRF"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7677",
        "datePublished": "2018-03-14T15:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:31:05.048Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7678 (GCVE-0-2018-7678)

    Vulnerability from cvelistv5 – Published: 2018-03-14 15:00 – Updated: 2024-08-05 06:31
    VLAI
    Title
    XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component
    Summary
    A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
    CWE
    • XSS
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ NetIQ Access Manager (NAM) Admin Console Affected: Access Manager 4.4
    Affected: Access Manager 4.3
    Create a notification for this product.
    Date Public
    2018-03-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.113Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
              },
              {
                "name": "103421",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103421"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager (NAM) Admin Console",
              "vendor": "NetIQ",
              "versions": [
                {
                  "status": "affected",
                  "version": "Access Manager 4.4"
                },
                {
                  "status": "affected",
                  "version": "Access Manager 4.3"
                }
              ]
            }
          ],
          "datePublic": "2018-03-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:07.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
            },
            {
              "name": "103421",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103421"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "source": {
            "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
            "defect": [
              "XSS",
              "vulnerability"
            ],
            "discovery": "INTERNAL"
          },
          "title": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component",
          "workarounds": [
            {
              "lang": "en",
              "value": "Apply 4.4 SP1."
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-7678",
              "STATE": "PUBLIC",
              "TITLE": "XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager (NAM) Admin Console",
                          "version": {
                            "version_data": [
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "Access Manager",
                                "version_value": "4.4"
                              },
                              {
                                "affected": "=",
                                "version_affected": "=",
                                "version_name": "Access Manager",
                                "version_value": "4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/support/kb/doc.php?id=7022724",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/support/kb/doc.php?id=7022724"
                },
                {
                  "name": "103421",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103421"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ],
            "source": {
              "advisory": "https://www.netiq.com/support/kb/doc.php?id=7022724",
              "defect": [
                "XSS",
                "vulnerability"
              ],
              "discovery": "INTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Apply 4.4 SP1."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7678",
        "datePublished": "2018-03-14T15:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:31:05.113Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14802 (GCVE-0-2017-14802)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 02:41
    VLAI
    Title
    Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs
    Summary
    Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
    CWE
    • redirect to untrusted sites
    • CWE-601
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:39.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022360"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "redirect to untrusted sites",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:26.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022360"
            }
          ],
          "source": {
            "advisory": "7022360",
            "discovery": "EXTERNAL"
          },
          "title": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14802",
              "STATE": "PUBLIC",
              "TITLE": "Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "redirect to untrusted sites"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-601"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022360",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022360"
                }
              ]
            },
            "source": {
              "advisory": "7022360",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14802",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:41:52.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7419 (GCVE-0-2017-7419)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 17:29
    VLAI
    Title
    NetIQ Access Manager OAuth Consent screen XSS attack
    Summary
    A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
    CWE
    • cross site scripting attack
    • CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.2 (custom)
    Affected: 4.2 , < 4.2.4 (custom)
    Create a notification for this product.
    Date Public
    2017-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7019893"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.2",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.4",
                  "status": "affected",
                  "version": "4.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross site scripting attack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:40.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7019893"
            }
          ],
          "source": {
            "advisory": "7019893",
            "defect": [
              "1031853"
            ],
            "discovery": "INTERNAL"
          },
          "title": "NetIQ Access Manager OAuth Consent screen XSS attack",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-06-09T00:00:00.000Z",
              "ID": "CVE-2017-7419",
              "STATE": "PUBLIC",
              "TITLE": "NetIQ Access Manager OAuth Consent screen XSS attack"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.2"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.2",
                                "version_value": "4.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped \"description\" field that could be specified by the provider."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross site scripting attack"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1031853",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1031853"
                },
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7019893",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7019893"
                }
              ]
            },
            "source": {
              "advisory": "7019893",
              "defect": [
                "1031853"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-7419",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:29:02.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9276 (GCVE-0-2017-9276)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:48
    VLAI
    Title
    XSS Vulnerability in iManager
    Summary
    Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: unspecified , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.180Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022359"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:33.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022359"
            }
          ],
          "source": {
            "advisory": "7022359",
            "defect": [
              "1044115"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "XSS Vulnerability in iManager",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-9276",
              "STATE": "PUBLIC",
              "TITLE": "XSS Vulnerability in iManager"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the \"a\" parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022359",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022359"
                }
              ]
            },
            "source": {
              "advisory": "7022359",
              "defect": [
                "1044115"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-9276",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-05-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:48:57.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14801 (GCVE-0-2017-14801)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 03:03
    VLAI
    Title
    Reflected xss in Admin Console REST interface
    Summary
    Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
    CWE
    • Reflected cross site scripting
    • CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:39.941Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022357"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected cross site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:26.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022357"
            }
          ],
          "source": {
            "advisory": "7022357",
            "discovery": "UNKNOWN"
          },
          "title": "Reflected xss in Admin Console REST interface",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14801",
              "STATE": "PUBLIC",
              "TITLE": "Reflected xss in Admin Console REST interface"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected cross site scripting"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022357",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022357"
                }
              ]
            },
            "source": {
              "advisory": "7022357",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14801",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:03:50.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14800 (GCVE-0-2017-14800)

    Vulnerability from cvelistv5 – Published: 2018-03-01 19:00 – Updated: 2024-09-16 20:31
    VLAI
    Title
    Reflected xss on Access Manager iManager UI
    Summary
    A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
    CWE
    • reflected cross site scripting attack
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:40.340Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022356"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "reflected cross site scripting attack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:51.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022356"
            }
          ],
          "source": {
            "advisory": "7022356",
            "discovery": "UNKNOWN"
          },
          "title": "Reflected xss on Access Manager iManager UI",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14800",
              "STATE": "PUBLIC",
              "TITLE": "Reflected xss on Access Manager iManager UI"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "reflected cross site scripting attack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022356",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022356"
                }
              ]
            },
            "source": {
              "advisory": "7022356",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14800",
        "datePublished": "2018-03-01T19:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:45.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14799 (GCVE-0-2017-14799)

    Vulnerability from cvelistv5 – Published: 2018-03-01 19:00 – Updated: 2024-09-16 17:23
    VLAI
    Title
    XSS Vulnerability with ESP URL
    Summary
    A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
    CWE
    • cross site scripting attack in the login parameter handling due to incorrect quoting
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetIQ Access Manager Affected: 4.3 , < 4.3.3 (custom)
    Create a notification for this product.
    Date Public
    2017-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:40.366Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022358"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access Manager",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "4.3.3",
                  "status": "affected",
                  "version": "4.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "cross site scripting attack in the login parameter handling due to incorrect quoting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:07.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022358"
            }
          ],
          "source": {
            "advisory": "7022358",
            "discovery": "EXTERNAL"
          },
          "title": "XSS Vulnerability with ESP URL",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-11-20T00:00:00.000Z",
              "ID": "CVE-2017-14799",
              "STATE": "PUBLIC",
              "TITLE": "XSS Vulnerability with ESP URL"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "4.3",
                                "version_value": "4.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "cross site scripting attack in the login parameter handling due to incorrect quoting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022358",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022358"
                }
              ]
            },
            "source": {
              "advisory": "7022358",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14799",
        "datePublished": "2018-03-01T19:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:23:57.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1342 (GCVE-0-2018-1342)

    Vulnerability from cvelistv5 – Published: 2018-01-26 02:00 – Updated: 2024-09-16 16:43
    VLAI
    Summary
    A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
    Severity
    No CVSS data available.
    CWE
    • Arbitrary file upload to the Admin Console server
    Assigner
    References
    Impacted products
    Date Public
    2017-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:59:38.608Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022444"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager, Administrative Console",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "4.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary file upload to the Admin Console server",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:37.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022444"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-12-08T00:00:00",
              "ID": "CVE-2018-1342",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager, Administrative Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3"
                              },
                              {
                                "version_value": "4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary file upload to the Admin Console server"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022444",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022444"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-1342",
        "datePublished": "2018-01-26T02:00:00.000Z",
        "dateReserved": "2017-12-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:43:19.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-14803 (GCVE-0-2017-14803)

    Vulnerability from cvelistv5 – Published: 2018-01-20 00:00 – Updated: 2024-09-16 23:06
    VLAI
    Summary
    In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal Information Disclosure Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus NetIQ Access Manager Affected: 4.3
    Affected: 4.4
    Create a notification for this product.
    Date Public
    2017-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:34:39.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7022443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "4.4"
                }
              ]
            }
          ],
          "datePublic": "2017-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal Information Disclosure Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:32.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7022443"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2017-12-08T00:00:00",
              "ID": "CVE-2017-14803",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.3"
                              },
                              {
                                "version_value": "4.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal Information Disclosure Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7022443",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7022443"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-14803",
        "datePublished": "2018-01-20T00:00:00.000Z",
        "dateReserved": "2017-09-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:06:39.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5191 (GCVE-0-2017-5191)

    Vulnerability from cvelistv5 – Published: 2017-04-24 18:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3 Affected: NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3
    Date Public
    2017-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7018793"
              },
              {
                "name": "98093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98093"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3"
                }
              ]
            }
          ],
          "datePublic": "2017-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:25.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018793"
            },
            {
              "name": "98093",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98093"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2017-5191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NetIQ Access Manager 4.2 and NetIQ Access Manager 4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7018793",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7018793"
                },
                {
                  "name": "98093",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98093"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-5191",
        "datePublished": "2017-04-24T18:00:00.000Z",
        "dateReserved": "2017-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5183 (GCVE-0-2017-5183)

    Vulnerability from cvelistv5 – Published: 2017-04-20 18:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
    Severity
    No CVSS data available.
    CWE
    • SAML2 mishandling
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Identity Server Affected: Identity Server
    Date Public
    2017-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7018509"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Identity Server",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Identity Server"
                }
              ]
            }
          ],
          "datePublic": "2017-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SAML2 mishandling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:16:08.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018509"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2017-5183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Identity Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Identity Server"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SAML2 mishandling"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7018509",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7018509"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-5183",
        "datePublished": "2017-04-20T18:00:00.000Z",
        "dateReserved": "2017-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-5190 (GCVE-0-2017-5190)

    Vulnerability from cvelistv5 – Published: 2017-04-20 15:00 – Updated: 2024-08-05 14:55
    VLAI
    Summary
    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.
    Severity
    No CVSS data available.
    CWE
    • Information leakage
    Assigner
    References
    URL Tags
    https://www.novell.com/support/kb/doc.php?id=7018792 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/97965 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038338 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a NAM Identity Server and SAML2 Service Provider Affected: NAM Identity Server and SAML2 Service Provider
    Date Public
    2017-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:55:35.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7018792"
              },
              {
                "name": "97965",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97965"
              },
              {
                "name": "1038338",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038338"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NAM Identity Server and SAML2 Service Provider",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "NAM Identity Server and SAML2 Service Provider"
                }
              ]
            }
          ],
          "datePublic": "2017-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:28.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7018792"
            },
            {
              "name": "97965",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97965"
            },
            {
              "name": "1038338",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038338"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2017-5190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NAM Identity Server and SAML2 Service Provider",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "NAM Identity Server and SAML2 Service Provider"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7018792",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7018792"
                },
                {
                  "name": "97965",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97965"
                },
                {
                  "name": "1038338",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038338"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-5190",
        "datePublished": "2017-04-20T15:00:00.000Z",
        "dateReserved": "2017-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:55:35.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }