Microfocus Access Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Microfocus Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2021-22528 — CVSS 8.0 (high): Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2026-11877 — CVSS 7.5 (high): An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager…
CVE-2021-22496 — CVSS 7.5 (high): Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability…
CVE-2014-5217 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM)…
CVE-2026-11878 — CVSS 6.1 (medium): Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows…
CVE-2020-25840 — CVSS 6.1 (medium): Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could…
CVE-2021-22531 — CVSS 6.1 (medium): A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability…
CVE-2021-22525 — CVSS 5.5 (medium): This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
CVE-2021-22524 — CVSS 5.4 (medium): Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2014-9412 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary…
CVE-2014-5216 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject…
CVE-2014-5215 — CVSS 4.0 (medium): NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a…
CVE-2014-5214 — CVSS 4.0 (medium): nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote…