Total
23 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5749 | 1 Netiq | 1 Access Manager | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. | |||||
CVE-2016-5758 | 1 Netiq | 1 Access Manager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | |||||
CVE-2016-5757 | 1 Netiq | 1 Access Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. |