📦

imanager

Vendor: netiq

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 10 Remote Access

Total CVEs 108 Total Indexed

Avg. EPSS 2.28% Exploit Prob.

Latest CVE CVE-2023-24467 Nov 22

Security Vulnerability Index

Page 4 / 11

8.8 CVSS

CVE-2017-7431

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

EPSS: 0.27%

Severity: HIGH

May 03, 2017

6.1 CVSS

CVE-2017-7430

Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

EPSS: 0.66%

Severity: MEDIUM

May 03, 2017

5.3 CVSS

CVE-2017-7428

NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.

EPSS: 0.34%

Severity: MEDIUM

May 03, 2017

7.5 CVSS

CVE-2017-5186

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.

EPSS: 0.47%

Severity: HIGH

Apr 27, 2017

10.0 CVSS

CVE-2013-3268

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.

EPSS: 0.17%

Severity: HIGH

Apr 24, 2013

6.8 CVSS

CVE-2013-1088

Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.

EPSS: 0.26%

Severity: MEDIUM

Apr 24, 2013

4.0 CVSS

CVE-2011-4188

Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929.

EPSS: 3.85%

Severity: MEDIUM

Apr 09, 2012

5.0 CVSS

CVE-2010-1930

Exploit Found

Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.

EPSS: 23.05%

Severity: MEDIUM

Jun 28, 2010

9.0 CVSS

CVE-2010-1929

Exploit Found

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

EPSS: 24.27%

Severity: HIGH

Jun 28, 2010

7.5 CVSS

CVE-2009-4486

RCE

Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema.

EPSS: 26.76%

Severity: HIGH

Jan 08, 2010

Displaying 10 of 108 Total Entries

2 3 4 5 6 ... 11

Total 11 Sections