| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. |
| A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. |
| The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. |
| NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. |
| The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. |
| In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. |
| Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 |
| Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers.
This issue affects OpenText Application Automation Tools: 24.1.0 and below. |
| Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names.
This issue affects OpenText Application Automation Tools: 24.1.0 and below. |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. |
| Possible
Improper Neutralization of Input During Web Page Generation Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.3.0000. |
| Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.4.0000. |
| Possible NLDAP Denial of Service attack Vulnerability
in eDirectory has been discovered in
OpenText™
eDirectory before 9.2.4.0000. |
| Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000. |
| Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000. |
| Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000. |
| A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 |
