Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Vendor: cpe:/:microfocus
  • CPE Product: cpe:/:microfocus:access_manager
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity
CVE-2021-22506

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.

Published: March 26, 2021; 10:15:11 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25840

Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.

Published: March 26, 2021; 10:15:11 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-22496

Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.

Published: March 25, 2021; 12:15:13 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-17948

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.

Published: November 20, 2018; 1:29:00 PM -0500
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2018-12480

Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.

Published: November 15, 2018; 8:29:00 AM -0500
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-9412

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.

Published: December 23, 2014; 6:59:05 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-5217

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

Published: December 23, 2014; 6:59:03 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-5216

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.

Published: December 23, 2014; 6:59:02 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-5215

NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.

Published: December 23, 2014; 6:59:01 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-5214

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: December 23, 2014; 6:59:00 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM