Netiq
Products by Netiq Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Netiq. Last year Netiq had 3 security vulnerabilities published. Right now, Netiq is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 7.07 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 7.50 |
2018 | 21 | 7.28 |
It may take a day or so for new Netiq vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Netiq Security Vulnerabilities
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
CVE-2023-24468
9.8 - Critical
- March 15, 2023
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6
CVE-2022-38758
6.1 - Medium
- January 26, 2023
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows an attacker to execute malicious scripts in the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
XSS
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5
CVE-2022-26329
5.3 - Medium
- January 26, 2023
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows an attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Exposure of Resource to Wrong Sphere
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4
CVE-2019-11648
7.5 - High
- June 24, 2019
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.
Information Disclosure
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
CVE-2018-7692
6.1 - Medium
- August 09, 2018
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
Open Redirect
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVE-2018-7686
7.5 - High
- August 09, 2018
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
Information Disclosure
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
CVE-2018-12462
6.1 - Medium
- July 10, 2018
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
XSS
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
CVE-2018-12461
7.5 - High
- July 10, 2018
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Improper Certificate Validation
The NetIQ Identity Manager user console
CVE-2018-7674
6.1 - Medium
- March 28, 2018
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
Open Redirect
The NetIQ Identity Manager
CVE-2018-7676
5.9 - Medium
- March 28, 2018
The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.
Information Disclosure
NetIQ Identity Manager driver, in versions prior to 4.7
CVE-2018-1348
7.4 - High
- March 26, 2018
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details
CVE-2018-1349
5.3 - Medium
- March 26, 2018
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.
Insertion of Sensitive Information into Log File
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details
CVE-2018-1350
5.3 - Medium
- March 26, 2018
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.
Insertion of Sensitive Information into Log File
The NetIQ Identity Manager communication channel
CVE-2018-7673
7.5 - High
- March 26, 2018
The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.
Addresses denial of service attack to eDirectory versions prior to 9.1.
CVE-2018-1346
7.5 - High
- March 21, 2018
Addresses denial of service attack to eDirectory versions prior to 9.1.
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
CVE-2018-1344
8.6 - High
- March 21, 2018
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
The administrative web interface in NetIQ iManager
CVE-2018-1347
6.1 - Medium
- March 21, 2018
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross-site scripting.
XSS
NetIQ iManager
CVE-2018-1345
8.8 - High
- March 21, 2018
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
CVE-2018-7678
4.8 - Medium
- March 14, 2018
A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
XSS
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
CVE-2018-7677
8.8 - High
- March 14, 2018
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
Session Riding
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface
CVE-2018-7675
5.3 - Medium
- March 07, 2018
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel, the user does not log out but does go idle for a period of time. This in turn causes the interface to time out so that it requires the user to re-authenticate. If another user is passing by and decides to log in, their credentials are accepted. While the user does not inherit any of the other user's privileges, they are able to view the previous screen. In this case it is possible that the user can see another user's events or configuration information for whatever view is currently showing.
Information Disclosure
PAM exposure enabling unauthenticated access to remote host
CVE-2018-1343
9.8 - Critical
- March 06, 2018
PAM exposure enabling unauthenticated access to remote host
Authentication
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used
CVE-2017-9285
9.8 - Critical
- March 02, 2018
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Authentication
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code
CVE-2017-7429
8.8 - High
- March 02, 2018
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Improper Certificate Validation
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them
CVE-2018-1342
9.8 - Critical
- January 26, 2018
A vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative console.
Unrestricted File Upload
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server
CVE-2005-1244
- April 20, 2005
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable."