This page lists publicly disclosed CVE vulnerabilities affecting microfocus edirectory (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-38133 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 7.4 | 0.30% | 2024-09-12 | 2026-06-17 |
| CVE-2021-38132 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 5.3 | 0.39% | 2024-09-12 | 2026-06-17 |
| CVE-2021-38131 | Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | [email protected] | 5.4 | 0.20% | 2024-09-12 | 2026-06-17 |
| CVE-2021-22533 | Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | [email protected] | 6.5 | 0.43% | 2024-09-12 | 2026-06-16 |
| CVE-2021-22532 | Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. | [email protected] | 7.6 | 0.40% | 2024-09-12 | 2026-06-16 |
| CVE-2021-22503 | Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000. | [email protected] | 5.4 | 0.22% | 2024-09-12 | 2026-06-16 |
| CVE-2018-17952 | Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | [email protected] | 6.1 | 0.65% | 2018-12-12 | 2026-06-16 |
| CVE-2018-17950 | Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | [email protected] | 7.5 | 0.83% | 2018-12-12 | 2026-06-16 |
| CVE-2018-7692 | Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | [email protected] | 6.1 | 0.65% | 2018-08-09 | 2026-06-16 |
| CVE-2018-7686 | Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | [email protected] | 7.5 | 1.39% | 2018-08-09 | 2026-06-16 |
| CVE-2017-9285 | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | [email protected] | 5.4 | 1.21% | 2018-03-02 | 2026-06-16 |
| CVE-2017-7429 | The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | [email protected] | 8.8 | 0.86% | 2018-03-02 | 2026-06-16 |
| CVE-2012-0432 | Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | [email protected] | 10.0 | 58.70% | 2012-12-25 | 2026-06-16 |
| CVE-2012-0430 | Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. | [email protected] | 6.4 | 2.21% | 2012-12-25 | 2026-06-16 |
| CVE-2012-0429 | dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. | [email protected] | 4.0 | 1.88% | 2012-12-25 | 2026-06-16 |
| CVE-2012-0428 | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 1.79% | 2012-12-25 | 2026-06-16 |