Search criteria
32 vulnerabilities found for edirectory by microfocus
CVE-2021-38133 (GCVE-0-2021-38133)
Vulnerability from nvd – Published: 2024-09-12 12:41 – Updated: 2024-09-12 12:58
VLAI?
Title
Possible Improper authentication Vulnerability in OpenText eDirectory
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
Severity ?
7.4 (High)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.0 , ≤ 9.2.5.0000
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:58:03.843046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:13.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.2.0",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
},
{
"capecId": "CAPEC-16",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-16 Dictionary-based Password Attack"
}
]
},
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
},
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:41:46.807Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Improper authentication Vulnerability in OpenText eDirectory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38133",
"datePublished": "2024-09-12T12:41:46.807Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T12:58:13.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38132 (GCVE-0-2021-38132)
Vulnerability from nvd – Published: 2024-09-12 12:42 – Updated: 2024-09-12 13:05
VLAI?
Title
Possible External service interaction Vulnerability
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
Severity ?
5.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.1.2 , ≤ 9.2.5.0000
(rpm, exe)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edirectory",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.1.2",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:57:47.963127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:05:51.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.1.2",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:42:19.675Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible External service interaction Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38132",
"datePublished": "2024-09-12T12:42:19.675Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T13:05:51.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38131 (GCVE-0-2021-38131)
Vulnerability from nvd – Published: 2024-09-12 12:42 – Updated: 2024-09-12 12:57
VLAI?
Title
Cross-Site Scripting (XSS) Vulnerability
Summary
Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.0 , ≤ 9.2.5.0000
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:56.507059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:07.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.2.0",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eeDirectory 9.2.5.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:42:36.704Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38131",
"datePublished": "2024-09-12T12:42:36.704Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T12:57:07.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22533 (GCVE-0-2021-22533)
Vulnerability from nvd – Published: 2024-09-12 12:43 – Updated: 2024-09-12 13:06
VLAI?
Title
Possible Insertion of Sensitive Information into Log File Vulnerability
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.4.0000.
Severity ?
6.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.4.0000 , < <
(rpm, exe)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edirectory",
"vendor": "opentext",
"versions": [
{
"lessThan": "9.2.4.0000",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:49.548870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:06:12.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.4.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
},
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:43:51.734Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Insertion of Sensitive Information into Log File Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22533",
"datePublished": "2024-09-12T12:43:51.734Z",
"dateReserved": "2021-01-05T18:14:04.352Z",
"dateUpdated": "2024-09-12T13:06:12.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22532 (GCVE-0-2021-22532)
Vulnerability from nvd – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
VLAI?
Title
Possible NLDAP Denial of Service attack Vulnerability
Summary
Possible NLDAP Denial of Service attack Vulnerability
in eDirectory has been discovered in
OpenText™
eDirectory before 9.2.4.0000.
Severity ?
7.6 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.4.0000 , < <
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:39.146836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:35.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.4.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible\u0026nbsp;NLDAP Denial of Service attack Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eeDirectory before 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
},
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:44:20.724Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NLDAP Denial of Service attack Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22532",
"datePublished": "2024-09-12T12:44:20.724Z",
"dateReserved": "2021-01-05T18:14:04.352Z",
"dateUpdated": "2024-09-12T12:57:35.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22503 (GCVE-0-2021-22503)
Vulnerability from nvd – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
VLAI?
Title
Improper Neutralization of Input During Web Page Generation Vulnerability
Summary
Possible
Improper Neutralization of Input During Web Page Generation Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.3.0000.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.3.0000 , < <
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:14.643731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:21.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.3.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory \u003c/strong\u003e\u003cstrong\u003e9.2.3.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:44:45.771Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Input During Web Page Generation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22503",
"datePublished": "2024-09-12T12:44:45.771Z",
"dateReserved": "2021-01-05T18:14:04.348Z",
"dateUpdated": "2024-09-12T12:57:21.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17952 (GCVE-0-2018-17952)
Vulnerability from nvd – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory 9.1 SP2 |
Affected:
All versions prior to version 9.1 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory 9.1 SP2",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 9.1 SP2"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-17952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory 9.1 SP2",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 9.1 SP2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17952",
"datePublished": "2018-12-12T14:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17950 (GCVE-0-2018-17950)
Vulnerability from nvd – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
Severity ?
No CVSS data available.
CWE
- Improper Access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory 9.1 SP2 |
Affected:
All versions prior to version 9.1 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory 9.1 SP2",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 9.1 SP2"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-17950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory 9.1 SP2",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 9.1 SP2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17950",
"datePublished": "2018-12-12T14:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7692 (GCVE-0-2018-7692)
Vulnerability from nvd – Published: 2018-08-09 21:00 – Updated: 2024-09-16 19:20
VLAI?
Summary
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
Severity ?
No CVSS data available.
CWE
- Redirection vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory Versions prior to 9.1.1 HF1 |
Affected:
Versions prior to 9.1.1 HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1.1 HF1"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Redirection vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-7692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1.1 HF1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Redirection vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7692",
"datePublished": "2018-08-09T21:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T19:20:45.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7686 (GCVE-0-2018-7686)
Vulnerability from nvd – Published: 2018-08-09 21:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
Severity ?
No CVSS data available.
CWE
- Information Leakage.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | eDirectory (ZDI) |
Affected:
Versions prior to 9.1.1 HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory (ZDI)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1.1 HF1"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-7686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory (ZDI)",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1.1 HF1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7686",
"datePublished": "2018-08-09T21:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T03:43:00.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9285 (GCVE-0-2017-9285)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 00:25
VLAI?
Title
Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
Summary
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Severity ?
5.4 (Medium)
CWE
- Lack of access checks
- CWE-284
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 9.0 SP4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.0 SP4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of access checks",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
},
"title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-9285",
"STATE": "PUBLIC",
"TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "9.0 SP4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access checks"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
]
},
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9285",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-17T00:25:58.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7429 (GCVE-0-2017-7429)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:35
VLAI?
Title
Fix for NetIQ shell code upload
Summary
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 8.8.8 Patch 10 HF1
(custom)
|
Credits
SySS GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "8.8.8 Patch 10 HF1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH"
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
},
"title": "Fix for NetIQ shell code upload",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-7429",
"STATE": "PUBLIC",
"TITLE": "Fix for NetIQ shell code upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "8.8.8 Patch 10 HF1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
]
},
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7429",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-09-16T23:35:59.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0432 (GCVE-0-2012-0432)
Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-09-16 19:00
VLAI?
Summary
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-25T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=785272",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0432",
"datePublished": "2012-12-25T11:00:00Z",
"dateReserved": "2012-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T19:00:30.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0430 (GCVE-0-2012-0430)
Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011538",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027910"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772898",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0430",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0429 (GCVE-0-2012-0429)
Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027912",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027912",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027912",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027912"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011533",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772895",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0429",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0428 (GCVE-0-2012-0428)
Vulnerability from nvd – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027911"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027911"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027911"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011539",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772899",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0428",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22503 (GCVE-0-2021-22503)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
VLAI?
Title
Improper Neutralization of Input During Web Page Generation Vulnerability
Summary
Possible
Improper Neutralization of Input During Web Page Generation Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.3.0000.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.3.0000 , < <
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:14.643731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:21.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.3.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory \u003c/strong\u003e\u003cstrong\u003e9.2.3.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:44:45.771Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Input During Web Page Generation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22503",
"datePublished": "2024-09-12T12:44:45.771Z",
"dateReserved": "2021-01-05T18:14:04.348Z",
"dateUpdated": "2024-09-12T12:57:21.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22532 (GCVE-0-2021-22532)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:44 – Updated: 2024-09-12 12:57
VLAI?
Title
Possible NLDAP Denial of Service attack Vulnerability
Summary
Possible NLDAP Denial of Service attack Vulnerability
in eDirectory has been discovered in
OpenText™
eDirectory before 9.2.4.0000.
Severity ?
7.6 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.4.0000 , < <
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:39.146836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:35.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.4.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible\u0026nbsp;NLDAP Denial of Service attack Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eeDirectory before 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
},
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:44:20.724Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NLDAP Denial of Service attack Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22532",
"datePublished": "2024-09-12T12:44:20.724Z",
"dateReserved": "2021-01-05T18:14:04.352Z",
"dateUpdated": "2024-09-12T12:57:35.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22533 (GCVE-0-2021-22533)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:43 – Updated: 2024-09-12 13:06
VLAI?
Title
Possible Insertion of Sensitive Information into Log File Vulnerability
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.4.0000.
Severity ?
6.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.4.0000 , < <
(rpm, exe)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edirectory",
"vendor": "opentext",
"versions": [
{
"lessThan": "9.2.4.0000",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:49.548870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:06:12.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.4.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
},
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:43:51.734Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Insertion of Sensitive Information into Log File Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22533",
"datePublished": "2024-09-12T12:43:51.734Z",
"dateReserved": "2021-01-05T18:14:04.352Z",
"dateUpdated": "2024-09-12T13:06:12.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38131 (GCVE-0-2021-38131)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:42 – Updated: 2024-09-12 12:57
VLAI?
Title
Cross-Site Scripting (XSS) Vulnerability
Summary
Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.0 , ≤ 9.2.5.0000
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:56.507059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:07.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.2.0",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eeDirectory 9.2.5.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:42:36.704Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38131",
"datePublished": "2024-09-12T12:42:36.704Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T12:57:07.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38132 (GCVE-0-2021-38132)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:42 – Updated: 2024-09-12 13:05
VLAI?
Title
Possible External service interaction Vulnerability
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
Severity ?
5.3 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.1.2 , ≤ 9.2.5.0000
(rpm, exe)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edirectory",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.1.2",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:57:47.963127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:05:51.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.1.2",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:42:19.675Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible External service interaction Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38132",
"datePublished": "2024-09-12T12:42:19.675Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T13:05:51.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38133 (GCVE-0-2021-38133)
Vulnerability from cvelistv5 – Published: 2024-09-12 12:41 – Updated: 2024-09-12 12:58
VLAI?
Title
Possible Improper authentication Vulnerability in OpenText eDirectory
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
Severity ?
7.4 (High)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Affected:
9.2.0 , ≤ 9.2.5.0000
(rpm, exe)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:58:03.843046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:13.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.2.0",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
},
{
"capecId": "CAPEC-16",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-16 Dictionary-based Password Attack"
}
]
},
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
},
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:41:46.807Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Improper authentication Vulnerability in OpenText eDirectory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38133",
"datePublished": "2024-09-12T12:41:46.807Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T12:58:13.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17952 (GCVE-0-2018-17952)
Vulnerability from cvelistv5 – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory 9.1 SP2 |
Affected:
All versions prior to version 9.1 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory 9.1 SP2",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 9.1 SP2"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-17952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory 9.1 SP2",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 9.1 SP2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17952",
"datePublished": "2018-12-12T14:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17950 (GCVE-0-2018-17950)
Vulnerability from cvelistv5 – Published: 2018-12-12 14:00 – Updated: 2024-08-05 11:01
VLAI?
Summary
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
Severity ?
No CVSS data available.
CWE
- Improper Access
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory 9.1 SP2 |
Affected:
All versions prior to version 9.1 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory 9.1 SP2",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 9.1 SP2"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-17950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory 9.1 SP2",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 9.1 SP2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17950",
"datePublished": "2018-12-12T14:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7692 (GCVE-0-2018-7692)
Vulnerability from cvelistv5 – Published: 2018-08-09 21:00 – Updated: 2024-09-16 19:20
VLAI?
Summary
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
Severity ?
No CVSS data available.
CWE
- Redirection vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory Versions prior to 9.1.1 HF1 |
Affected:
Versions prior to 9.1.1 HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1.1 HF1"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Redirection vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-7692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1.1 HF1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Redirection vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7692",
"datePublished": "2018-08-09T21:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T19:20:45.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7686 (GCVE-0-2018-7686)
Vulnerability from cvelistv5 – Published: 2018-08-09 21:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
Severity ?
No CVSS data available.
CWE
- Information Leakage.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | eDirectory (ZDI) |
Affected:
Versions prior to 9.1.1 HF1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory (ZDI)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1.1 HF1"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-7686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory (ZDI)",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1.1 HF1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7686",
"datePublished": "2018-08-09T21:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T03:43:00.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9285 (GCVE-0-2017-9285)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 00:25
VLAI?
Title
Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
Summary
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Severity ?
5.4 (Medium)
CWE
- Lack of access checks
- CWE-284
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 9.0 SP4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.0 SP4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of access checks",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
},
"title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-9285",
"STATE": "PUBLIC",
"TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "9.0 SP4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access checks"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
]
},
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9285",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-17T00:25:58.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7429 (GCVE-0-2017-7429)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:35
VLAI?
Title
Fix for NetIQ shell code upload
Summary
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 8.8.8 Patch 10 HF1
(custom)
|
Credits
SySS GmbH
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "8.8.8 Patch 10 HF1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH"
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
},
"title": "Fix for NetIQ shell code upload",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-7429",
"STATE": "PUBLIC",
"TITLE": "Fix for NetIQ shell code upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "8.8.8 Patch 10 HF1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
]
},
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7429",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-09-16T23:35:59.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0428 (GCVE-0-2012-0428)
Vulnerability from cvelistv5 – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027911"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027911"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027911"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011539",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772899",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0428",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0429 (GCVE-0-2012-0429)
Vulnerability from cvelistv5 – Published: 2012-12-25 11:00 – Updated: 2024-08-06 18:23
VLAI?
Summary
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027912",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027912",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027912",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027912"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011533",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772895",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0429",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}