Every CVE whose affected-product data names Netiq Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2017-14803 — CVSS 9.8 (critical): In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO…
CVE-2016-5757 — CVSS 9.8 (critical): iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation…
CVE-2018-1342 — CVSS 9.8 (critical): A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This…
CVE-2016-5758 — CVSS 8.8 (high): A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be…
CVE-2016-5750 — CVSS 8.8 (high): The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload…
CVE-2016-5754 — CVSS 7.5 (high): Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.
CVE-2016-5752 — CVSS 7.5 (high): The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML…
CVE-2016-5755 — CVSS 6.5 (medium): NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN…
CVE-2020-11843 — CVSS 6.5 (medium): This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
CVE-2017-5191 — CVSS 6.1 (medium): An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate…
CVE-2016-5751 — CVSS 6.1 (medium): An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2…
CVE-2016-5756 — CVSS 6.1 (medium): Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected…
CVE-2017-5183 — CVSS 6.1 (medium): NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field…
CVE-2016-5748 — CVSS 5.5 (medium): External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2…
CVE-2016-5749 — CVSS 5.5 (medium): NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled…
CVE-2017-14802 — CVSS 5.4 (medium): Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated…
CVE-2017-9276 — CVSS 5.4 (medium): Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into…
CVE-2017-14800 — CVSS 5.4 (medium): A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor…
CVE-2017-7419 — CVSS 4.6 (medium): A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross site scripting attacks due to unescaped…
CVE-2017-14799 — CVSS 4.6 (medium): A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject…
CVE-2017-14801 — CVSS 4.6 (medium): Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.
CVE-2018-7678 — CVSS 3.5 (low): A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
CVE-2017-5190 — CVSS 3.1 (low): NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has…