Micro Focus Access Manager
By the Year
In 2024 there have been 0 vulnerabilities in Micro Focus Access Manager . Access Manager did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 6.10 |
2021 | 8 | 6.31 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 6.10 |
It may take a day or so for new Access Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Micro Focus Access Manager Security Vulnerabilities
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability
CVE-2021-22531
6.1 - Medium
- May 12, 2022
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
XSS
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22524
4.9 - Medium
- September 13, 2021
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
aka Blind XPath Injection
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22526
6.1 - Medium
- September 13, 2021
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Open Redirect
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22527
7.5 - High
- September 13, 2021
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22528
5.4 - Medium
- September 13, 2021
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
XSS
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
CVE-2021-22525
5.5 - Medium
- September 02, 2021
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0
CVE-2020-25840
6.1 - Medium
- March 26, 2021
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
XSS
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product
CVE-2021-22506
7.5 - High
- March 26, 2021
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3
CVE-2021-22496
7.5 - High
- March 25, 2021
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
authentification
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-17948
6.1 - Medium
- November 20, 2018
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
Open Redirect
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
CVE-2018-12480
6.1 - Medium
- November 15, 2018
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3
CVE-2014-5216
- December 23, 2014
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
XSS
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests
CVE-2014-5217
- December 23, 2014
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
Session Riding
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests
CVE-2014-5217
- December 23, 2014
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
Session Riding
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1
CVE-2014-9412
- December 23, 2014
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1
CVE-2014-9412
- December 23, 2014
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3
CVE-2014-5216
- December 23, 2014
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
XSS
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3
CVE-2014-5215
- December 23, 2014
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
Information Disclosure
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3
CVE-2014-5215
- December 23, 2014
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
Information Disclosure
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3
CVE-2014-5214
- December 23, 2014
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.<a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3
CVE-2014-5214
- December 23, 2014
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.<a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Micro Focus Access Manager or by Micro Focus? Click the Watch button to subscribe.