Search criteria
14 vulnerabilities found for NetIQ Access Manager by Micro Focus
CVE-2022-26326 (GCVE-0-2022-26326)
Vulnerability from cvelistv5 – Published: 2022-05-02 18:43 – Updated: 2024-08-03 05:03
VLAI?
Title
Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2
Summary
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
Severity ?
4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T18:43:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26326",
"STATE": "PUBLIC",
"TITLE": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26326",
"datePublished": "2022-05-02T18:43:42",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26325 (GCVE-0-2022-26325)
Vulnerability from cvelistv5 – Published: 2022-05-02 18:41 – Updated: 2024-08-03 05:03
VLAI?
Title
Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T18:41:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26325",
"STATE": "PUBLIC",
"TITLE": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26325",
"datePublished": "2022-05-02T18:41:42",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22526 (GCVE-0-2021-22526)
Vulnerability from cvelistv5 – Published: 2021-09-13 12:00 – Updated: 2024-09-16 18:43
VLAI?
Title
Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
4.9 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T12:00:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22526",
"STATE": "PUBLIC",
"TITLE": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025257",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22526",
"datePublished": "2021-09-13T12:00:50.890830Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T18:43:47.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22524 (GCVE-0-2021-22524)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:58 – Updated: 2024-09-17 01:35
VLAI?
Title
Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
5.4 (Medium)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to Sipke Mellema for responsibly disclosing this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:58:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22524",
"STATE": "PUBLIC",
"TITLE": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91 XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025256",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22524",
"datePublished": "2021-09-13T11:58:31.576666Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:35:57.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22527 (GCVE-0-2021-22527)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:56 – Updated: 2024-09-16 23:30
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
6 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:56:22",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22527",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025258",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22527",
"datePublished": "2021-09-13T11:56:22.591599Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T23:30:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22528 (GCVE-0-2021-22528)
Vulnerability from cvelistv5 – Published: 2021-09-13 11:42 – Updated: 2024-09-17 02:21
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:42:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22528",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025259",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22528",
"datePublished": "2021-09-13T11:42:07.116392Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T02:21:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14803 (GCVE-0-2017-14803)
Vulnerability from cvelistv5 – Published: 2018-01-20 00:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
Severity ?
No CVSS data available.
CWE
- Directory Traversal Information Disclosure Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
4.3
Affected: 4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-12-08T00:00:00",
"ID": "CVE-2017-14803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"version_value": "4.3"
},
{
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022443",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14803",
"datePublished": "2018-01-20T00:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-16T23:06:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26326 (GCVE-0-2022-26326)
Vulnerability from nvd – Published: 2022-05-02 18:43 – Updated: 2024-08-03 05:03
VLAI?
Title
Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2
Summary
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
Severity ?
4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T18:43:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26326",
"STATE": "PUBLIC",
"TITLE": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26326",
"datePublished": "2022-05-02T18:43:42",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26325 (GCVE-0-2022-26325)
Vulnerability from nvd – Published: 2022-05-02 18:41 – Updated: 2024-08-03 05:03
VLAI?
Title
Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T18:41:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26325",
"STATE": "PUBLIC",
"TITLE": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26325",
"datePublished": "2022-05-02T18:41:42",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22526 (GCVE-0-2021-22526)
Vulnerability from nvd – Published: 2021-09-13 12:00 – Updated: 2024-09-16 18:43
VLAI?
Title
Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
4.9 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T12:00:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22526",
"STATE": "PUBLIC",
"TITLE": "Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025257",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025257"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22526",
"datePublished": "2021-09-13T12:00:50.890830Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T18:43:47.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22524 (GCVE-0-2021-22524)
Vulnerability from nvd – Published: 2021-09-13 11:58 – Updated: 2024-09-17 01:35
VLAI?
Title
Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
5.4 (Medium)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to Sipke Mellema for responsibly disclosing this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91 XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:58:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22524",
"STATE": "PUBLIC",
"TITLE": "Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to Sipke Mellema for responsibly disclosing this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-91 XML Injection (aka Blind XPath Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025256",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025256"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22524",
"datePublished": "2021-09-13T11:58:31.576666Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T01:35:57.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22527 (GCVE-0-2021-22527)
Vulnerability from nvd – Published: 2021-09-13 11:56 – Updated: 2024-09-16 23:30
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
6 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:56:22",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22527",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
},
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025258",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025258"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22527",
"datePublished": "2021-09-13T11:56:22.591599Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-16T23:30:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22528 (GCVE-0-2021-22528)
Vulnerability from nvd – Published: 2021-09-13 11:42 – Updated: 2024-09-17 02:21
VLAI?
Title
Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.1
(custom)
|
Credits
Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThan": "5.0.1",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"datePublic": "2021-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-13T11:42:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2021-08-31T00:00:00.000Z",
"ID": "CVE-2021-22528",
"STATE": "PUBLIC",
"TITLE": "Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.1"
},
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "4.5.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks to the researcher community for reporting this to us as part of responsible disclosure, anonymously"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025259",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7025259"
},
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.1 or 4.5.4"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22528",
"datePublished": "2021-09-13T11:42:07.116392Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T02:21:09.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14803 (GCVE-0-2017-14803)
Vulnerability from nvd – Published: 2018-01-20 00:00 – Updated: 2024-09-16 23:06
VLAI?
Summary
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.
Severity ?
No CVSS data available.
CWE
- Directory Traversal Information Disclosure Vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
4.3
Affected: 4.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022443"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "4.4"
}
]
}
],
"datePublic": "2017-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal Information Disclosure Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7022443"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-12-08T00:00:00",
"ID": "CVE-2017-14803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"version_value": "4.3"
},
{
"version_value": "4.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7022443",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7022443"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14803",
"datePublished": "2018-01-20T00:00:00Z",
"dateReserved": "2017-09-27T00:00:00",
"dateUpdated": "2024-09-16T23:06:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}