Imanager Security Vulnerabilities
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information...
5.4CVSS
6.3AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML...
7.8CVSS
8.4AI Score
0.0004EPSS
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory...
5.3CVSS
6.5AI Score
0.0004EPSS
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass...
3.5CVSS
6.8AI Score
0.0004EPSS
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without...
5.6CVSS
6.8AI Score
0.0004EPSS
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload...
7.8CVSS
8AI Score
0.0004EPSS
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object...
7.6CVSS
7.9AI Score
0.0004EPSS
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file...
5.7CVSS
6.8AI Score
0.0004EPSS
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information...
5.3CVSS
6.4AI Score
0.0004EPSS
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code...
7.8CVSS
7.4AI Score
0.0004EPSS
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization...
7.8CVSS
7.6AI Score
0.0004EPSS
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on...
7.2CVSS
6AI Score
0.001EPSS
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
6.8CVSS
6.5AI Score
0.001EPSS
There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions....
7.2CVSS
6.9AI Score
0.001EPSS
There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information...
6.5CVSS
6.2AI Score
0.001EPSS
There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
7.8CVSS
7.5AI Score
0.0004EPSS
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when...
7.8CVSS
8.3AI Score
0.001EPSS
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
8.1CVSS
8.8AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site...
6.1CVSS
6AI Score
0.001EPSS
Addresses potential communication downgrade attack in NetIQ iManager versions prior to...
8.6CVSS
8.4AI Score
0.001EPSS
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege...
8.8CVSS
8.6AI Score
0.001EPSS
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel...
7.5CVSS
7.6AI Score
0.002EPSS
Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a.....
8.8CVSS
8.7AI Score
0.001EPSS
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and...
7.6CVSS
6AI Score
0.001EPSS
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in...
6.1CVSS
6AI Score
0.003EPSS
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with...
5.3CVSS
5.3AI Score
0.002EPSS
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload...
9.8CVSS
9.4AI Score
0.004EPSS
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object...
8.8CVSS
8.6AI Score
0.002EPSS
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications...
7.5CVSS
7.5AI Score
0.008EPSS
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote...
8.8CVSS
8.8AI Score
0.004EPSS
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat...
7.5AI Score
0.001EPSS
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack...
6.8AI Score
0.004EPSS
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to...
7.2AI Score
0.822EPSS
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to...
6.5AI Score
0.03EPSS
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName.....
7.4AI Score
0.546EPSS
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a...
8.1AI Score
0.664EPSS
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Property Book Pages via unknown...
6.6AI Score
0.008EPSS
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079,...
8.5AI Score
0.021EPSS
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer...
6.6AI Score
0.059EPSS
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null...
7.5CVSS
7.1AI Score
0.006EPSS
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test...
7.2AI Score
0.003EPSS
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an...
7.2AI Score
0.002EPSS