Netiq


Products by Netiq Sorted by Most Security Vulnerabilities since 2018

Netiq Identity Manager: 13 vulnerabilities
Netiq Access Manager: 12 vulnerabilities
Netiq Edirectory: 6 vulnerabilities
Netiq Imanager: 6 vulnerabilities
Netiq Pssecure: 1 vulnerability
Netiq Sentinel: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Netiq. Netiq did not have any published security vulnerabilities last year.




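| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 5 | 7.36 |
| 2023 | 3 | 7.07 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 37 | 7.47 |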

It may take a day or so for new Netiq vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Netiq Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2022-26322 Sep 12, 2024
OpenText Identity Manager REST Driver Before 1.1.2.0200 Log File Injection
Possible Insertion of Sensitive Information into Log File vulnerability in Identity Manager has been discovered in OpenText Identity Manager REST Driver. This impacts versions before 1.1.2.0200.
Identity Manager Rest Driver
CVE-2024-4555 Aug 28, 2024
NetIQ Access Manager Impostor Privilege Escalation (Before 5.1)
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in a specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1.
Access Manager
CVE-2024-4554 Aug 28, 2024
OpenText NetIQ Access Manager 5.1 XSS via Improper Input Validation
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to a Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.
Access Manager
CVE-2020-11843 Jun 11, 2024
NetIQ Access Manager <=4.5 Info Exposure to Unauthorized Users
This allows information exposure to unauthorized users. This issue affects NetIQ Access Manager version 4.5 or before.
Access Manager
CVE-2024-1470 Feb 29, 2024
NetIQ Client Login Extension 4.6 Auth Bypass Priv Escalation
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6.
Client Login Extension
CVE-2023-24468 Mar 15, 2023
Advanced Authentication <6.4.1.1: Broken Access Control
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2.
Advanced Authentication
CVE-2022-26329 Jan 26, 2023
NetIQ IDM File Existence Disclosure (v<4.8.5)
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows an attacker to determine whether a file exists on the filesystem. This issue affects Micro Focus NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Identity Manager
CVE-2022-38758 Jan 26, 2023
NetIQ iManager XSS Before 3.2.6 (iManager)
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows an attacker to execute malicious scripts in the user's browser. This issue affects Micro Focus NetIQ iManager versions prior to 3.2.6 on ALL.
Imanager
CVE-2019-11648 Jun 24, 2019
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.
Self Service Password Reset
CVE-2018-7692 Aug 09, 2018
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
Edirectory
CVE-2018-7686 Aug 09, 2018
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
Edirectory
CVE-2018-12462 Jul 10, 2018
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
Imanager
CVE-2018-12461 Jul 10, 2018
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Edirectory
CVE-2017-9284 Apr 26, 2018
IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.
CVE-2017-9275 Apr 26, 2018
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack.
CVE-2018-7676 Mar 28, 2018
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Identity Manager
CVE-2018-7674 Mar 28, 2018
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Identity Manager
CVE-2018-7673 Mar 26, 2018
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
Identity Manager
CVE-2018-1350 Mar 26, 2018
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.
Identity Manager
CVE-2018-1349 Mar 26, 2018
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.
Identity Manager
CVE-2018-1348 Mar 26, 2018
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.
Identity Manager
CVE-2018-1344 Mar 21, 2018
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1.
Imanager
CVE-2018-1345 Mar 21, 2018
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
Imanager
CVE-2018-1346 Mar 21, 2018
Addresses denial of service attack to eDirectory versions prior to 9.1.
Edirectory
CVE-2018-1347 Mar 21, 2018
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting.
Imanager
CVE-2018-7677 Mar 14, 2018
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
Access Manager
CVE-2018-7678 Mar 14, 2018
A cross site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
Access Manager
CVE-2018-7675 Mar 07, 2018
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to time out so that it requires the user to re-authenticate. If another user is passing by and decides to log in, their credentials are accepted. While the user does not inherit any of the other user's privileges, they are able to view the previous screen. In this case it is possible that the user can see another user's events or configuration information for whatever view is currently showing.
Sentinel
CVE-2018-1343 Mar 06, 2018
PAM exposure enabling unauthenticated access to remote host.
Privileged Account Manager
CVE-2017-7427 Mar 05, 2018
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of the vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery, via nextFrame in the Object Inspector and via Host GUID in the System details plugins.
Identity Manager
CVE-2017-7437 Mar 05, 2018
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.
CVE-2017-9285 Mar 02, 2018
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Edirectory
CVE-2017-7429 Mar 02, 2018
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Edirectory
CVE-2017-9280 Mar 02, 2018
Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.
Identity Manager
CVE-2017-9279 Mar 02, 2018
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
Identity Manager
CVE-2017-14801 Mar 02, 2018
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
Access Manager
CVE-2017-5189 Mar 02, 2018
NetIQ iManager before 3.0.3 delivered an SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.
Imanager
CVE-2017-7419 Mar 02, 2018
An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped "description" field that could be specified by the provider.
Access Manager
CVE-2017-9278 Mar 02, 2018
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
Identity Manager
CVE-2017-7434 Mar 02, 2018
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
Identity Manager
CVE-2017-7438 Mar 02, 2018
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.
CVE-2017-9276 Mar 02, 2018
Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.
Access Manager
CVE-2017-14799 Mar 01, 2018
A cross site scripting attack in the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
Access Manager
CVE-2017-7426 Mar 01, 2018
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
Identity Manager
CVE-2017-14800 Mar 01, 2018
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users.
Access Manager
CVE-2018-1342 Jan 26, 2018
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Access Manager
CVE-2005-1244 Apr 20, 2005
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."
Pssecure
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).