Search

Find a vulnerability

Search criteria

    32 vulnerabilities found for edirectory by microfocus

    CVE-2021-38133 (GCVE-0-2021-38133)

    Vulnerability from nvd – Published: 2024-09-12 12:41 – Updated: 2024-09-12 12:58
    VLAI
    Title
    Possible Improper authentication Vulnerability in OpenText eDirectory
    Summary
    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.0 , ≤ 9.2.5.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:58:03.843046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:58:13.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.5.0000",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            },
            {
              "capecId": "CAPEC-16",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-16 Dictionary-based Password Attack"
                }
              ]
            },
            {
              "capecId": "CAPEC-49",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-49 Password Brute Forcing"
                }
              ]
            },
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:41:46.807Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Improper authentication Vulnerability in OpenText eDirectory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38133",
        "datePublished": "2024-09-12T12:41:46.807Z",
        "dateReserved": "2021-08-04T20:57:01.491Z",
        "dateUpdated": "2024-09-12T12:58:13.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38132 (GCVE-0-2021-38132)

    Vulnerability from nvd – Published: 2024-09-12 12:42 – Updated: 2024-09-12 13:05
    VLAI
    Title
    Possible External service interaction Vulnerability
    Summary
    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.1.2 , ≤ 9.2.5.0000 (rpm, exe)
    Create a notification for this product.
    opentext edirectory Affected: 9.1.2 , ≤ 9.2.5.0000 (rpm)
        cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edirectory",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.5.0000",
                    "status": "affected",
                    "version": "9.1.2",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:57:47.963127Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:05:51.351Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.5.0000",
                  "status": "affected",
                  "version": "9.1.2",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:42:19.675Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible External service interaction Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38132",
        "datePublished": "2024-09-12T12:42:19.675Z",
        "dateReserved": "2021-08-04T20:57:01.491Z",
        "dateUpdated": "2024-09-12T13:05:51.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38131 (GCVE-0-2021-38131)

    Vulnerability from nvd – Published: 2024-09-12 12:42 – Updated: 2024-09-12 12:57
    VLAI
    Title
    Cross-Site Scripting (XSS) Vulnerability
    Summary
    Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.0 , ≤ 9.2.5.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:56.507059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:57:07.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.5.0000",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eeDirectory 9.2.5.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:42:36.704Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38131",
        "datePublished": "2024-09-12T12:42:36.704Z",
        "dateReserved": "2021-08-04T20:57:01.491Z",
        "dateUpdated": "2024-09-12T12:57:07.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22533 (GCVE-0-2021-22533)

    Vulnerability from nvd – Published: 2024-09-12 12:43 – Updated: 2024-09-12 13:06
    VLAI
    Title
    Possible Insertion of Sensitive Information into Log File Vulnerability
    Summary
    Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.4.0000 , < < (rpm, exe)
    Create a notification for this product.
    opentext edirectory Affected: 0 , < 9.2.4.0000 (rpm)
        cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edirectory",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "9.2.4.0000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:49.548870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:06:12.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "9.2.4.0000",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-215",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-215 Fuzzing for application mapping"
                }
              ]
            },
            {
              "capecId": "CAPEC-261",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:43:51.734Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Insertion of Sensitive Information into Log File Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-22533",
        "datePublished": "2024-09-12T12:43:51.734Z",
        "dateReserved": "2021-01-05T18:14:04.352Z",
        "dateUpdated": "2024-09-12T13:06:12.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22532 (GCVE-0-2021-22532)

    Vulnerability from nvd – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
    VLAI
    Title
    Possible NLDAP Denial of Service attack Vulnerability
    Summary
    Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.4.0000 , < < (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:39.146836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:57:35.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "9.2.4.0000",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible\u0026nbsp;NLDAP Denial of Service attack Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eeDirectory before 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-125",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-125 Flooding"
                }
              ]
            },
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:44:20.724Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible NLDAP Denial of Service attack Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-22532",
        "datePublished": "2024-09-12T12:44:20.724Z",
        "dateReserved": "2021-01-05T18:14:04.352Z",
        "dateUpdated": "2024-09-12T12:57:35.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22503 (GCVE-0-2021-22503)

    Vulnerability from nvd – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation Vulnerability
    Summary
    Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.3.0000 , < < (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22503",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:14.643731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:57:21.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "9.2.3.0000",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory \u003c/strong\u003e\u003cstrong\u003e9.2.3.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:44:45.771Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Input During Web Page Generation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-22503",
        "datePublished": "2024-09-12T12:44:45.771Z",
        "dateReserved": "2021-01-05T18:14:04.348Z",
        "dateUpdated": "2024-09-12T12:57:21.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17952 (GCVE-0-2018-17952)

    Vulnerability from nvd – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus NetIQ eDirectory 9.1 SP2 Affected: All versions prior to version 9.1 SP2
    Create a notification for this product.
    Date Public
    2018-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ eDirectory 9.1 SP2",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 9.1 SP2"
                }
              ]
            }
          ],
          "datePublic": "2018-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:48.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-17952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ eDirectory 9.1 SP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 9.1 SP2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-17952",
        "datePublished": "2018-12-12T14:00:00.000Z",
        "dateReserved": "2018-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17950 (GCVE-0-2018-17950)

    Vulnerability from nvd – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
    Severity
    No CVSS data available.
    CWE
    • Improper Access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus NetIQ eDirectory 9.1 SP2 Affected: All versions prior to version 9.1 SP2
    Create a notification for this product.
    Date Public
    2018-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.733Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ eDirectory 9.1 SP2",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 9.1 SP2"
                }
              ]
            }
          ],
          "datePublic": "2018-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:47.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-17950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ eDirectory 9.1 SP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 9.1 SP2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-17950",
        "datePublished": "2018-12-12T14:00:00.000Z",
        "dateReserved": "2018-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7692 (GCVE-0-2018-7692)

    Vulnerability from nvd – Published: 2018-08-09 21:00 – Updated: 2024-09-16 19:20
    VLAI
    Summary
    Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
    Severity
    No CVSS data available.
    CWE
    • Redirection vulnerability.
    Assigner
    References
    Impacted products
    Date Public
    2018-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 9.1.1 HF1"
                }
              ]
            }
          ],
          "datePublic": "2018-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Redirection vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:42.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-08-09T00:00:00",
              "ID": "CVE-2018-7692",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions prior to 9.1.1 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Redirection vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7692",
        "datePublished": "2018-08-09T21:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:45.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7686 (GCVE-0-2018-7686)

    Vulnerability from nvd – Published: 2018-08-09 21:00 – Updated: 2024-09-17 03:43
    VLAI
    Summary
    Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
    Severity
    No CVSS data available.
    CWE
    • Information Leakage.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus eDirectory (ZDI) Affected: Versions prior to 9.1.1 HF1
    Create a notification for this product.
    Date Public
    2018-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eDirectory (ZDI)",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 9.1.1 HF1"
                }
              ]
            }
          ],
          "datePublic": "2018-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Leakage.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:43.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-08-09T00:00:00",
              "ID": "CVE-2018-7686",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eDirectory (ZDI)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions prior to 9.1.1 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Leakage."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7686",
        "datePublished": "2018-08-09T21:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:00.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9285 (GCVE-0-2017-9285)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 00:25
    VLAI
    Title
    Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
    Summary
    NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NetIQ eDirectory Affected: unspecified , < 9.0 SP4 (custom)
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.179Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7016794"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eDirectory",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "9.0 SP4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Lack of access checks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:35.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7016794"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
            }
          ],
          "source": {
            "defect": [
              "1029077"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
              "ID": "CVE-2017-9285",
              "STATE": "PUBLIC",
              "TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eDirectory",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "9.0 SP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Lack of access checks"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7016794",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7016794"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
                },
                {
                  "name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
                }
              ]
            },
            "source": {
              "defect": [
                "1029077"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-9285",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-05-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:25:58.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7429 (GCVE-0-2017-7429)

    Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:35
    VLAI
    Title
    Fix for NetIQ shell code upload
    Summary
    The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NetIQ eDirectory Affected: unspecified , < 8.8.8 Patch 10 HF1 (custom)
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Credits
    SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eDirectory",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "8.8.8 Patch 10 HF1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SySS GmbH"
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:34.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
            }
          ],
          "source": {
            "defect": [
              "1024957"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Fix for NetIQ shell code upload",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
              "ID": "CVE-2017-7429",
              "STATE": "PUBLIC",
              "TITLE": "Fix for NetIQ shell code upload"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eDirectory",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.8.8 Patch 10 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SySS GmbH"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
                },
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
                },
                {
                  "name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
                }
              ]
            },
            "source": {
              "defect": [
                "1024957"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-7429",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:35:59.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0432 (GCVE-0-2012-0432)

    Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-09-16 19:00
    VLAI
    Summary
    Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-25T11:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0432",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=785272",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0432",
        "datePublished": "2012-12-25T11:00:00.000Z",
        "dateReserved": "2012-01-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:00:30.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0430 (GCVE-0-2012-0430)

    Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:31.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7011538"
              },
              {
                "name": "1027910",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027910"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-14T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7011538"
            },
            {
              "name": "1027910",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027910"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0430",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7011538",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7011538"
                },
                {
                  "name": "1027910",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027910"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=772898",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0430",
        "datePublished": "2012-12-25T11:00:00.000Z",
        "dateReserved": "2012-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:31.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0429 (GCVE-0-2012-0429)

    Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1027912",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027912"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7011533"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-14T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1027912",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027912"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7011533"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0429",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1027912",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027912"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7011533",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7011533"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=772895",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0429",
        "datePublished": "2012-12-25T11:00:00.000Z",
        "dateReserved": "2012-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0428 (GCVE-0-2012-0428)

    Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1027911",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027911"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7011539"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-14T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1027911",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027911"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7011539"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0428",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1027911",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027911"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7011539",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7011539"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=772899",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0428",
        "datePublished": "2012-12-25T11:00:00.000Z",
        "dateReserved": "2012-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22503 (GCVE-0-2021-22503)

    Vulnerability from cvelistv5 – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation Vulnerability
    Summary
    Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.3.0000 , < < (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22503",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:14.643731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:57:21.328Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "9.2.3.0000",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory \u003c/strong\u003e\u003cstrong\u003e9.2.3.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:44:45.771Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Input During Web Page Generation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-22503",
        "datePublished": "2024-09-12T12:44:45.771Z",
        "dateReserved": "2021-01-05T18:14:04.348Z",
        "dateUpdated": "2024-09-12T12:57:21.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22532 (GCVE-0-2021-22532)

    Vulnerability from cvelistv5 – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
    VLAI
    Title
    Possible NLDAP Denial of Service attack Vulnerability
    Summary
    Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.4.0000 , < < (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:39.146836Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:57:35.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "9.2.4.0000",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible\u0026nbsp;NLDAP Denial of Service attack Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eeDirectory before 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-125",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-125 Flooding"
                }
              ]
            },
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:44:20.724Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible NLDAP Denial of Service attack Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-22532",
        "datePublished": "2024-09-12T12:44:20.724Z",
        "dateReserved": "2021-01-05T18:14:04.352Z",
        "dateUpdated": "2024-09-12T12:57:35.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-22533 (GCVE-0-2021-22533)

    Vulnerability from cvelistv5 – Published: 2024-09-12 12:43 – Updated: 2024-09-12 13:06
    VLAI
    Title
    Possible Insertion of Sensitive Information into Log File Vulnerability
    Summary
    Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.4.0000 , < < (rpm, exe)
    Create a notification for this product.
    opentext edirectory Affected: 0 , < 9.2.4.0000 (rpm)
        cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edirectory",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "9.2.4.0000",
                    "status": "affected",
                    "version": "0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-22533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:49.548870Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:06:12.575Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "9.2.4.0000",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-215",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-215 Fuzzing for application mapping"
                }
              ]
            },
            {
              "capecId": "CAPEC-261",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:43:51.734Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Insertion of Sensitive Information into Log File Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-22533",
        "datePublished": "2024-09-12T12:43:51.734Z",
        "dateReserved": "2021-01-05T18:14:04.352Z",
        "dateUpdated": "2024-09-12T13:06:12.575Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38131 (GCVE-0-2021-38131)

    Vulnerability from cvelistv5 – Published: 2024-09-12 12:42 – Updated: 2024-09-12 12:57
    VLAI
    Title
    Cross-Site Scripting (XSS) Vulnerability
    Summary
    Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.0 , ≤ 9.2.5.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:56:56.507059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:57:07.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.5.0000",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eeDirectory 9.2.5.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:42:36.704Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38131",
        "datePublished": "2024-09-12T12:42:36.704Z",
        "dateReserved": "2021-08-04T20:57:01.491Z",
        "dateUpdated": "2024-09-12T12:57:07.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38132 (GCVE-0-2021-38132)

    Vulnerability from cvelistv5 – Published: 2024-09-12 12:42 – Updated: 2024-09-12 13:05
    VLAI
    Title
    Possible External service interaction Vulnerability
    Summary
    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.1.2 , ≤ 9.2.5.0000 (rpm, exe)
    Create a notification for this product.
    opentext edirectory Affected: 9.1.2 , ≤ 9.2.5.0000 (rpm)
        cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edirectory",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "9.2.5.0000",
                    "status": "affected",
                    "version": "9.1.2",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:57:47.963127Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T13:05:51.351Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.5.0000",
                  "status": "affected",
                  "version": "9.1.2",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:42:19.675Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible External service interaction Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38132",
        "datePublished": "2024-09-12T12:42:19.675Z",
        "dateReserved": "2021-08-04T20:57:01.491Z",
        "dateUpdated": "2024-09-12T13:05:51.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38133 (GCVE-0-2021-38133)

    Vulnerability from cvelistv5 – Published: 2024-09-12 12:41 – Updated: 2024-09-12 12:58
    VLAI
    Title
    Possible Improper authentication Vulnerability in OpenText eDirectory
    Summary
    Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    OpenText eDirectory Affected: 9.2.0 , ≤ 9.2.5.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T12:58:03.843046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T12:58:13.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "eDirectory",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "9.2.5.0000",
                  "status": "affected",
                  "version": "9.2.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            },
            {
              "capecId": "CAPEC-16",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-16 Dictionary-based Password Attack"
                }
              ]
            },
            {
              "capecId": "CAPEC-49",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-49 Password Brute Forcing"
                }
              ]
            },
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-12T12:41:46.807Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Improper authentication Vulnerability in OpenText eDirectory",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38133",
        "datePublished": "2024-09-12T12:41:46.807Z",
        "dateReserved": "2021-08-04T20:57:01.491Z",
        "dateUpdated": "2024-09-12T12:58:13.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17952 (GCVE-0-2018-17952)

    Vulnerability from cvelistv5 – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus NetIQ eDirectory 9.1 SP2 Affected: All versions prior to version 9.1 SP2
    Create a notification for this product.
    Date Public
    2018-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ eDirectory 9.1 SP2",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 9.1 SP2"
                }
              ]
            }
          ],
          "datePublic": "2018-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:48.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-17952",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ eDirectory 9.1 SP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 9.1 SP2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-17952",
        "datePublished": "2018-12-12T14:00:00.000Z",
        "dateReserved": "2018-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17950 (GCVE-0-2018-17950)

    Vulnerability from cvelistv5 – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
    Severity
    No CVSS data available.
    CWE
    • Improper Access
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus NetIQ eDirectory 9.1 SP2 Affected: All versions prior to version 9.1 SP2
    Create a notification for this product.
    Date Public
    2018-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.733Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ eDirectory 9.1 SP2",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 9.1 SP2"
                }
              ]
            }
          ],
          "datePublic": "2018-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:47.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2018-17950",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ eDirectory 9.1 SP2",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 9.1 SP2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-17950",
        "datePublished": "2018-12-12T14:00:00.000Z",
        "dateReserved": "2018-10-03T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7692 (GCVE-0-2018-7692)

    Vulnerability from cvelistv5 – Published: 2018-08-09 21:00 – Updated: 2024-09-16 19:20
    VLAI
    Summary
    Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
    Severity
    No CVSS data available.
    CWE
    • Redirection vulnerability.
    Assigner
    References
    Impacted products
    Date Public
    2018-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.138Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 9.1.1 HF1"
                }
              ]
            }
          ],
          "datePublic": "2018-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Redirection vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:42.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-08-09T00:00:00",
              "ID": "CVE-2018-7692",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions prior to 9.1.1 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Redirection vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7692",
        "datePublished": "2018-08-09T21:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:45.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-7686 (GCVE-0-2018-7686)

    Vulnerability from cvelistv5 – Published: 2018-08-09 21:00 – Updated: 2024-09-17 03:43
    VLAI
    Summary
    Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
    Severity
    No CVSS data available.
    CWE
    • Information Leakage.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Micro Focus eDirectory (ZDI) Affected: Versions prior to 9.1.1 HF1
    Create a notification for this product.
    Date Public
    2018-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:31:05.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eDirectory (ZDI)",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions prior to 9.1.1 HF1"
                }
              ]
            }
          ],
          "datePublic": "2018-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Leakage.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:43.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2018-08-09T00:00:00",
              "ID": "CVE-2018-7686",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eDirectory (ZDI)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions prior to 9.1.1 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Leakage."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
                  "refsource": "MISC",
                  "url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-7686",
        "datePublished": "2018-08-09T21:00:00.000Z",
        "dateReserved": "2018-03-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:43:00.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7429 (GCVE-0-2017-7429)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:35
    VLAI
    Title
    Fix for NetIQ shell code upload
    Summary
    The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NetIQ eDirectory Affected: unspecified , < 8.8.8 Patch 10 HF1 (custom)
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Credits
    SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eDirectory",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "8.8.8 Patch 10 HF1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SySS GmbH"
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:34.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
            }
          ],
          "source": {
            "defect": [
              "1024957"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Fix for NetIQ shell code upload",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
              "ID": "CVE-2017-7429",
              "STATE": "PUBLIC",
              "TITLE": "Fix for NetIQ shell code upload"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eDirectory",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "8.8.8 Patch 10 HF1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SySS GmbH"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-434"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
                },
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
                },
                {
                  "name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
                }
              ]
            },
            "source": {
              "defect": [
                "1024957"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-7429",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:35:59.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9285 (GCVE-0-2017-9285)

    Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 00:25
    VLAI
    Title
    Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
    Summary
    NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NetIQ eDirectory Affected: unspecified , < 9.0 SP4 (custom)
    Create a notification for this product.
    Date Public
    2017-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.179Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.novell.com/support/kb/doc.php?id=7016794"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "eDirectory",
              "vendor": "NetIQ",
              "versions": [
                {
                  "lessThan": "9.0 SP4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Lack of access checks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:35.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.novell.com/support/kb/doc.php?id=7016794"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
            }
          ],
          "source": {
            "defect": [
              "1029077"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@suse.com",
              "DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
              "ID": "CVE-2017-9285",
              "STATE": "PUBLIC",
              "TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "eDirectory",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "9.0 SP4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetIQ"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Lack of access checks"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.novell.com/support/kb/doc.php?id=7016794",
                  "refsource": "CONFIRM",
                  "url": "https://www.novell.com/support/kb/doc.php?id=7016794"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
                },
                {
                  "name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
                }
              ]
            },
            "source": {
              "defect": [
                "1029077"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2017-9285",
        "datePublished": "2018-03-02T20:00:00.000Z",
        "dateReserved": "2017-05-29T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:25:58.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0430 (GCVE-0-2012-0430)

    Vulnerability from cvelistv5 – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:31.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7011538"
              },
              {
                "name": "1027910",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027910"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-14T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7011538"
            },
            {
              "name": "1027910",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027910"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0430",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7011538",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7011538"
                },
                {
                  "name": "1027910",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027910"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=772898",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0430",
        "datePublished": "2012-12-25T11:00:00.000Z",
        "dateReserved": "2012-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:31.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-0429 (GCVE-0-2012-0429)

    Vulnerability from cvelistv5 – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
    VLAI
    Summary
    dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:23:30.998Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1027912",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1027912"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=7011533"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-14T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1027912",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1027912"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=7011533"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-0429",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1027912",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1027912"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=7011533",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=7011533"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=772895",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
                },
                {
                  "name": "http://www.novell.com/support/kb/doc.php?id=3426981",
                  "refsource": "CONFIRM",
                  "url": "http://www.novell.com/support/kb/doc.php?id=3426981"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-0429",
        "datePublished": "2012-12-25T11:00:00.000Z",
        "dateReserved": "2012-01-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:23:30.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }