CVE-2017-7434
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
Source: CVE-2017-7434
[월:] 2018년 03월
CVE-2017-9279
CVE-2017-9279
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
Source: CVE-2017-9279
CVE-2017-7438
CVE-2017-7438
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.
Source: CVE-2017-7438
CVE-2017-9267
CVE-2017-9267
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
Source: CVE-2017-9267
CVE-2017-9276
CVE-2017-9276
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
Source: CVE-2017-9276
CVE-2017-14801
CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
Source: CVE-2017-14801
CVE-2017-14802
CVE-2017-14802
Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.
Source: CVE-2017-14802
CVE-2017-9277
CVE-2017-9277
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
Source: CVE-2017-9277
CVE-2015-0796
CVE-2015-0796
In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.
Source: CVE-2015-0796
CVE-2017-9280
CVE-2017-9280
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.
Source: CVE-2017-9280