📦

edirectory

Vendor: microfocus

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 1 Remote Access

Total CVEs 20 Total Indexed

Avg. EPSS 5.56% Exploit Prob.

Latest CVE CVE-2021-38133 Sep 12

Security Vulnerability Index

Page 2 / 2

5.4 CVSS

CVE-2017-9285

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.

EPSS: 0.21%

Severity: MEDIUM

Mar 02, 2018

8.8 CVSS

CVE-2017-7429

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

EPSS: 0.19%

Severity: HIGH

Mar 02, 2018

10.0 CVSS

CVE-2012-0432

Exploit Found

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.

EPSS: 85.18%

Severity: HIGH

Dec 25, 2012

6.4 CVSS

CVE-2012-0430

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.

EPSS: 0.28%

Severity: MEDIUM

Dec 25, 2012

4.0 CVSS

CVE-2012-0429

dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.

EPSS: 0.63%

Severity: MEDIUM

Dec 25, 2012

4.3 CVSS

CVE-2012-0428

Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

EPSS: 0.26%

Severity: MEDIUM

Dec 25, 2012

Displaying 6 of 20 Total Entries

1 2

Total 2 Sections