access_manager

Vendor: capmon

Actively Exploited (CISA KEV List): 3
PoC / Exploits (Code Available): 5
Total RCEs (Remote Access): 4
Total CVEs (Total Indexed): 5
Avg. EPSS (Exploit Prob.): 4.37%
Latest CVE: CVE-2020-11843 (Jun 11)

Security Vulnerability Index

6.5 CVSS

This allows information exposure to unauthorized users. This issue affects NetIQ Access Manager version 4.5 or before.

EPSS: 0.38%
4.4 CVSS

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Access Manager executes to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

EPSS: 0.16%
7.5 CVSS

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

EPSS: 4.25%
5.3 CVSS

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

EPSS: 1.22%
6.1 CVSS

A bug exists in the input parameter of Access Manager that allows an invalid character to be supplied to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0.

EPSS: 0.24%
Critical Target
9.8 CVSS
CVE-2021-35587
Exploit Found

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

EPSS: 94.27%
8.0 CVSS

Reflected cross-site scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.

EPSS: 0.36%
6.0 CVSS

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.

EPSS: 0.22%
4.9 CVSS

Open redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.

EPSS: 0.14%
5.4 CVSS

Denial-of-service vulnerability caused by an injection attack in NetIQ Access Manager prior to 5.0.1 and 4.5.4.

EPSS: 0.20%