7.5
CVSS
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
Severity: HIGH
📦
edirectory
Vendor: netiq
Actively Exploited
0
CISA KEV List
PoC / Exploits
9
Code Available
Total RCEs
14
Remote Access
Total CVEs
21
Total Indexed
Avg. EPSS
12.02%
Exploit Prob.
Security Vulnerability Index
Page 2 / 3
3.5
CVSS
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Severity: LOW
3.1
CVSS
Addresses denial of service attack to eDirectory versions prior to 9.1.
Severity: LOW
5.4
CVSS
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Severity: MEDIUM
4.2
CVSS
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.
Severity: MEDIUM
6.5
CVSS
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.
Severity: MEDIUM
8.8
CVSS
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Severity: HIGH
7.5
CVSS
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
Severity: HIGH
6.5
CVSS
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.
Severity: MEDIUM
7.5
CVSS
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
Severity: HIGH