Product

vmware identity manager

73 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34283
all versions
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported version
6.1 MEDIUM
CVE-2026-21992
all versions
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Serv
9.8 CRITICAL
CVE-2025-61757
all versions
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that
9.8 CRITICAL
CVE-2023-20884
all versions
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious
6.1 MEDIUM
CVE-2022-26329
< 4.8.5
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine wheth
1.8 LOW
CVE-2022-31700
all versions
VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. VMware has evaluate
7.2 HIGH
CVE-2022-31665
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious a
7.2 HIGH
CVE-2022-31664
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious ac
7.8 HIGH
CVE-2022-31663
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability
6.1 MEDIUM
CVE-2022-31662
all versions
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malici
7.5 HIGH
CVE-2022-31661
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A maliciou
7.8 HIGH
CVE-2022-31660
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. A malicious a
7.8 HIGH
CVE-2022-31659
all versions
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrat
7.2 HIGH
CVE-2022-31658
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious a
7.2 HIGH
CVE-2022-31657
all versions
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may
9.8 CRITICAL
CVE-2022-31656
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting loc
9.8 CRITICAL
CVE-2022-22973
all versions
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access
7.8 HIGH
CVE-2022-22972
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting loc
9.8 CRITICAL
CVE-2022-22961
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to retur
5.3 MEDIUM
CVE-2022-22960
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper
7.8 HIGH
CVE-2022-22959
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. A malici
4.3 MEDIUM
CVE-2022-22958
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-
7.2 HIGH
CVE-2022-22957
all versions
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-
7.2 HIGH
CVE-2022-22956
all versions
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS fram
9.8 CRITICAL
CVE-2022-22955
all versions
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS fram
9.8 CRITICAL
CVE-2022-22954
all versions
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injecti
9.8 CRITICAL
CVE-2021-22056
all versions
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability
7.5 HIGH
CVE-2021-22003
all versions
VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with n
7.5 HIGH
CVE-2021-22002
all versions
VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed vi
9.8 CRITICAL
CVE-2021-2458
all versions
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that a
7.6 HIGH
CVE-2021-2457
all versions
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supporte
5.3 MEDIUM
CVE-2020-4006
all versions
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection v
9.1 CRITICAL
CVE-2020-25839
all versions
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in
9.8 CRITICAL
CVE-2020-17465
all versions
Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability
6.1 MEDIUM
CVE-2020-11849
< 4.7.3
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3
9.8 CRITICAL
CVE-2020-2729
all versions
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that a
5.4 MEDIUM
CVE-2020-2728
all versions
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The support
7.5 HIGH
CVE-2019-2858
all versions
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported ver
4.3 MEDIUM
CVE-2019-2729
all versions
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions
9.8 CRITICAL
CVE-2016-1600
< 4.6
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
7.5 HIGH
CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1 MEDIUM
CVE-2018-3179
all versions
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported ver
7.2 HIGH
CVE-2017-9284
>= 4.6 and < 4.6.2.1
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.
4.8 MEDIUM
CVE-2018-7676
<= 4.6
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
3.9 LOW
CVE-2018-7674
<= 4.6
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
2.1 LOW
CVE-2018-7673
<= 4.6
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
5.1 MEDIUM
CVE-2018-1350
<= 4.6
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.
2.3 LOW
CVE-2018-1349
<= 4.6
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration e
2.3 LOW
CVE-2018-1348
<= 4.6
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM at
5.3 MEDIUM
CVE-2017-7427
>= 2.7.7.7 and < 4.6.1
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Mana
5.4 MEDIUM
CVE-2017-9280
< 4.5.6.1
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allow
4.3 MEDIUM
CVE-2017-9279
< 4.5.6.1
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling o
2.0 LOW
CVE-2017-9278
< 4.0.2.0
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potential
3.3 LOW
CVE-2017-7434
< 4.6
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being l
3.3 LOW
CVE-2017-7426
< 4.6.1
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used
5.4 MEDIUM
CVE-2017-15095
all versions
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8 CRITICAL
CVE-2017-10151
all versions
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported vers
10.0 CRITICAL
CVE-2017-9393
all versions
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked account
9.8 CRITICAL
CVE-2017-3553
all versions
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). The supported ver
9.9 CRITICAL
CVE-2016-5334
>= 2.0 and < 2.7.1
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and
5.3 MEDIUM
CVE-2016-1598
all versions
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML co
5.4 MEDIUM
CVE-2016-1592
<= 4.5.2
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitleme
6.1 MEDIUM
CVE-2015-0787
<= 4.5.2
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN
6.1 MEDIUM
CVE-2016-5506
all versions
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confid
3.1 LOW
CVE-2016-5335
>= 2.0 and < 2.7
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspec
7.8 HIGH
CVE-2014-4509
all versions
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 al
CVE-2014-2880
all versions
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and
CVE-2010-4324
all versions
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0
CVE-2010-3264
all versions
The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows
CVE-2007-6625
all versions
The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote a
CVE-2007-4526
<= 3.5
The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file
CVE-2006-4803
all versions
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary command
CVE-2006-4506
all versions
idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin