access_manager

Vendor: netiq

Actively Exploited: 0 (CISA KEV List)
PoC / Exploits: 0 (Code Available)
Total RCEs: 3 (Remote Access)
Total CVEs: 232 (Total Indexed)
Avg. EPSS: 0.29% (Exploit Prob.)
Latest CVE: CVE-2020-11843 (Jun 11)

Security Vulnerability Index

6.1 CVSS

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.

EPSS: 0.23%

8.8 CVSS

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

EPSS: 0.63%

5.5 CVSS

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 parsed incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.

EPSS: 0.07%

5.5 CVSS

An External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.

EPSS: 0.05%