threatengine.sh
Product
netiq access manager
68 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-11843
< 4.4
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
6.5
MEDIUM
CVE-2023-21859
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported
4.4
MEDIUM
CVE-2022-39412
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version t
7.5
HIGH
CVE-2022-39405
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported v
5.3
MEDIUM
CVE-2021-22531
all versions
A bug exists in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulne
6.1
MEDIUM
CVE-2021-35587
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that
9.8
CRITICAL
CVE-2021-22528
>= 4.5.0 and < 4.5.4
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
8.0
HIGH
CVE-2021-22527
>= 4.5.0 and < 4.5.4
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
6.0
MEDIUM
CVE-2021-22526
>= 4.5.0 and < 4.5.4
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
4.9
MEDIUM
CVE-2021-22524
>= 4.5.0 and < 4.5.4
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
5.4
MEDIUM
CVE-2021-22525
< 5.0.1
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
5.5
MEDIUM
CVE-2021-2358
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The su
4.9
MEDIUM
CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8
MEDIUM
CVE-2021-22506
< 5.0
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior
7.5
HIGH
CVE-2020-25840
< 5.0
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerabil
6.1
MEDIUM
CVE-2021-22496
< 4.5.3.3
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all versions prior to version 4.5.3.3. The vulne
7.5
HIGH
CVE-2020-2747
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that ar
5.4
MEDIUM
CVE-2020-2745
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that ar
4.3
MEDIUM
CVE-2020-2740
all versions
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versi
4.6
MEDIUM
CVE-2020-2555
all versions
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported ve
9.8
CRITICAL
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2018-18256
all versions
An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular user can obtain local administrator privileges if they run
7.8
HIGH
CVE-2018-18255
<= 5.4.1.1005
An issue was discovered in CapMon Access Manager 5.4.1.1005. The client applications of AccessManagerCoreService.exe communicate w
7.8
HIGH
CVE-2018-18254
<= 5.4.1.1005
An issue was discovered in CapMon Access Manager 5.4.1.1005. An unprivileged user can read the cal_whitelist table in the Custom A
7.8
HIGH
CVE-2018-18253
<= 5.4.1.1005
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe attempts to enforce access control by adding an un
7.0
HIGH
CVE-2018-18252
all versions
An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides "NT AUTHORITY\SYSTEM" access to unprivile
7.8
HIGH
CVE-2018-17948
< 4.4
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
6.1
MEDIUM
CVE-2018-12480
all versions
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
6.1
MEDIUM
CVE-2018-10197
< 9.18.040
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040
9.8
CRITICAL
CVE-2018-2879
all versions
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported
9.0
CRITICAL
CVE-2018-2739
all versions
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported vers
9.3
CRITICAL
CVE-2018-2587
all versions
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported vers
6.5
MEDIUM
CVE-2018-7678
all versions
A cross site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
3.5
LOW
CVE-2018-7677
all versions
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
3.5
LOW
CVE-2017-9276
< 4.3.3
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected ba
5.4
MEDIUM
CVE-2017-7419
>= 4.2 and < 4.2.4
An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unes
4.6
MEDIUM
CVE-2017-14802
<= 4.3
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unva
5.4
MEDIUM
CVE-2017-14801
< 4.3.3
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back XSS into the called page using the URL pa
4.6
MEDIUM
CVE-2017-14800
< 4.3.3
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the poli
5.4
MEDIUM
CVE-2017-14799
< 4.3.3
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to i
4.6
MEDIUM
CVE-2018-1342
all versions
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute th
9.8
CRITICAL
CVE-2017-14803
all versions
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the Basi
9.8
CRITICAL
CVE-2017-10262
all versions
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported
5.9
MEDIUM
CVE-2017-10154
all versions
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported
5.3
MEDIUM
CVE-2017-5191
all versions
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not va
6.1
MEDIUM
CVE-2017-5183
all versions
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerService
6.1
MEDIUM
CVE-2017-5190
<= 4.3
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attribu
3.1
LOW
CVE-2016-5758
all versions
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be
8.8
HIGH
CVE-2016-5757
all versions
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulati
9.8
CRITICAL
CVE-2016-5756
all versions
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Re
6.1
MEDIUM
CVE-2016-5755
all versions
NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEO
6.5
MEDIUM
CVE-2016-5754
all versions
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.
7.5
HIGH
CVE-2016-5752
all versions
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigne
7.5
HIGH
CVE-2016-5751
all versions
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1
6.1
MEDIUM
CVE-2016-5750
all versions
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used t
8.8
HIGH
CVE-2016-5749
all versions
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution
5.5
MEDIUM
CVE-2016-5748
all versions
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1
5.5
MEDIUM
CVE-2014-9412
all versions
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject
CVE-2014-5217
all versions
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager
CVE-2014-5216
all versions
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to i
CVE-2014-5215
all versions
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords v
CVE-2014-5214
all versions
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remo
CVE-2010-0284
all versions
Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in th
CVE-2009-4879
<= 3.1
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authentica
CVE-2009-4878
<= 3.1
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system
CVE-2008-6722
all versions
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to ob
CVE-2007-3570
all versions
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspe
CVE-2007-1309
all versions
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-on
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin