📦

access_manager

Vendor: netiq

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 3 Remote Access
Total CVEs 232 Total Indexed
Avg. EPSS 0.29% Exploit Prob.
Latest CVE CVE-2020-11843 Jun 11

Security Vulnerability Index

Page 2 / 24
9.8 CVSS
CVE-2017-14803
RCE

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.

EPSS: 0.89%
6.1 CVSS
CVE-2017-5191

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.

EPSS: 0.24%
6.1 CVSS
CVE-2017-5183

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.

EPSS: 0.24%
3.1 CVSS
CVE-2017-5190

NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.

EPSS: 0.24%
8.8 CVSS
CVE-2016-5758

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.

EPSS: 0.14%
9.8 CVSS
CVE-2016-5757

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials.

EPSS: 1.07%
6.1 CVSS
CVE-2016-5756

Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp.

EPSS: 0.24%
6.5 CVSS
CVE-2016-5755

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.

EPSS: 0.13%
7.5 CVSS
CVE-2016-5754

Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.

EPSS: 0.30%
7.5 CVSS
CVE-2016-5752

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.

EPSS: 0.30%