Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microfocus Subscribe
Filtered by product Access Manager
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22527 1 Microfocus 1 Access Manager 2022-10-25 5.0 MEDIUM 7.5 HIGH
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22525 1 Microfocus 1 Access Manager 2022-07-12 2.1 LOW 5.5 MEDIUM
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
CVE-2021-22506 1 Microfocus 1 Access Manager 2022-07-12 5.0 MEDIUM 7.5 HIGH
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
CVE-2021-22531 1 Microfocus 1 Access Manager 2022-05-23 4.3 MEDIUM 6.1 MEDIUM
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
CVE-2021-22526 1 Microfocus 1 Access Manager 2021-09-22 5.8 MEDIUM 6.1 MEDIUM
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22524 1 Microfocus 1 Access Manager 2021-09-22 4.0 MEDIUM 4.9 MEDIUM
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22528 1 Microfocus 1 Access Manager 2021-09-22 3.5 LOW 5.4 MEDIUM
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2014-5214 1 Microfocus 1 Access Manager 2021-04-09 4.0 MEDIUM N/A
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5215 1 Microfocus 1 Access Manager 2021-04-09 4.0 MEDIUM N/A
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
CVE-2014-5216 1 Microfocus 1 Access Manager 2021-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
CVE-2014-5217 1 Microfocus 1 Access Manager 2021-04-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
CVE-2014-9412 1 Microfocus 1 Access Manager 2021-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
CVE-2020-25840 1 Microfocus 1 Access Manager 2021-04-01 4.3 MEDIUM 6.1 MEDIUM
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
CVE-2021-22496 1 Microfocus 1 Access Manager 2021-03-25 5.0 MEDIUM 7.5 HIGH
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
CVE-2018-12480 1 Microfocus 1 Access Manager 2018-12-27 4.3 MEDIUM 6.1 MEDIUM
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
CVE-2018-17948 1 Microfocus 1 Access Manager 2018-12-26 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.