edirectory

Vendor: netiq

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 9
Total RCEs (Remote Access): 14
Total CVEs (Total Indexed): 21
Avg. EPSS (Exploit Prob.): 12.02%
Latest CVE: CVE-2019-25675 (Apr 05)

Security Vulnerability Index

7.5 CVSS

A security vulnerability in cookie handling in the HTTP stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.

EPSS: 0.33%

4.0 CVSS

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote authenticated users to obtain sensitive information from process memory via a direct request.

EPSS: 2.05%

4.3 CVSS

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn parameter.

EPSS: 12.72%

10.0 CVSS
CVE-2012-0432
Exploit Found

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.

EPSS: 85.18%

6.4 CVSS

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.

EPSS: 0.28%

4.0 CVSS

dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.

EPSS: 0.63%

4.3 CVSS

Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.26%

5.0 CVSS

Unspecified vulnerability in the NCP service in Novell eDirectory 8.8.5 before 8.8.5.6 and 8.8.6 before 8.8.6.2 allows remote attackers to cause a denial of service (hang) via a malformed FileSetLock request to port 524.

EPSS: 1.29%

7.5 CVSS
CVE-2009-4655
Exploit Found

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

EPSS: 60.34%

9.0 CVSS
CVE-2009-4654
Exploit Found

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.

EPSS: 12.50%