Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5757 | 1 Netiq | 1 Access Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. | |||||
CVE-2016-5752 | 1 Netiq | 1 Access Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. | |||||
CVE-2016-5751 | 1 Netiq | 1 Access Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. | |||||
CVE-2017-5190 | 1 Netiq | 1 Access Manager | 2024-02-28 | 3.5 LOW | 3.1 LOW |
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile. |