| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-9285 | 7.5 |
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
|
13-04-2021 - 13:39 | 02-03-2018 - 20:29 | |
| CVE-2017-9267 | 5.0 |
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
|
09-10-2019 - 23:30 | 02-03-2018 - 20:29 | |
| CVE-2017-9277 | 5.0 |
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
|
09-10-2019 - 23:30 | 02-03-2018 - 20:29 | |
| CVE-2017-5186 | 4.3 |
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications
|
03-10-2019 - 00:03 | 27-04-2017 - 14:59 | |
| CVE-2016-9167 | 5.0 |
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
|
05-04-2017 - 01:59 | 23-03-2017 - 06:59 | |
| CVE-2016-9168 | 4.3 |
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.
|
05-04-2017 - 01:59 | 23-03-2017 - 06:59 | |
| CVE-2016-5747 | 5.0 |
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.
|
27-03-2017 - 16:36 | 23-03-2017 - 06:59 |