NetIQ 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk csrf、vendor risk xxe, and vendor risk input validation に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-26322 | Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200. | [email protected] | 4.9 | 0.10% | 2024-09-12 | 2024-10-02 |
| CVE-2020-11843 | This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before | [email protected] | 6.5 | 0.38% | 2024-06-11 | 2024-11-21 |
| CVE-2024-1470 | Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6. | [email protected] | 7.1 | 0.04% | 2024-02-29 | 2025-02-14 |
| CVE-2022-38758 | Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL. | [email protected] | 7.2 | 0.37% | 2023-01-26 | 2024-11-21 |
| CVE-2022-26329 | File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. | [email protected] | 1.8 | 0.23% | 2023-01-26 | 2024-11-21 |
| CVE-2019-11648 | An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information. | [email protected] | 7.5 | 0.32% | 2019-06-24 | 2024-11-21 |
| CVE-2018-12462 | NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. | [email protected] | 4.8 | 0.17% | 2018-07-10 | 2024-11-21 |
| CVE-2018-12461 | Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | [email protected] | 3.5 | 0.08% | 2018-07-10 | 2024-11-21 |
| CVE-2017-9284 | IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | [email protected] | 4.8 | 0.29% | 2018-04-26 | 2024-11-21 |
| CVE-2017-9275 | NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. | [email protected] | 2.8 | 0.17% | 2018-04-26 | 2024-11-21 |
| CVE-2018-7676 | The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. | [email protected] | 3.9 | 0.29% | 2018-03-28 | 2024-11-21 |
| CVE-2018-7674 | The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | [email protected] | 2.1 | 0.20% | 2018-03-28 | 2024-11-21 |
| CVE-2018-7673 | The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. | [email protected] | 5.1 | 0.17% | 2018-03-26 | 2024-11-21 |
| CVE-2018-1350 | The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. | [email protected] | 2.3 | 0.16% | 2018-03-26 | 2024-11-21 |
| CVE-2018-1349 | The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. | [email protected] | 2.3 | 0.16% | 2018-03-26 | 2024-11-21 |
| CVE-2018-1348 | NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. | [email protected] | 5.3 | 0.21% | 2018-03-26 | 2024-11-21 |
| CVE-2018-1347 | The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. | [email protected] | 5.3 | 0.19% | 2018-03-21 | 2024-11-21 |
| CVE-2018-1346 | Addresses denial of service attack to eDirectory versions prior to 9.1. | [email protected] | 3.1 | 0.33% | 2018-03-21 | 2024-11-21 |
| CVE-2018-1345 | NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. | [email protected] | 5.9 | 0.13% | 2018-03-21 | 2024-11-21 |
| CVE-2018-1344 | Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 | [email protected] | 3.1 | 0.22% | 2018-03-21 | 2024-11-21 |