| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. |
| Possible Command Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0000. |
| Possible XML External Entity Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0200. |
| Possible Command injection Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000. |
| Possible XSS in iManager URL for access Component has been discovered in
OpenText™ iManager 3.2.6.0000. |
| Possible Elevation of Privilege Vulnerability
in iManager has been discovered in
OpenText™ iManager. This impacts all versions before 3.2.5 |
| Possible Reflected Cross-Site Scripting (XSS) Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000. |
| Possible XSS in iManager URL for access Component has been discovered in
OpenText™ iManager 3.2.5.0000. |
| Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. |
| Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
|
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
|
| Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This
vulnerability allows an attacker to manipulate certain parameters to bypass
authentication.
|
| File Upload vulnerability in unauthenticated
session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a
file without authentication.
|
| XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
|
| Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to sensitive information disclosure. |
| Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation
or file disclosure.
|
| Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to senstive information disclosure. |
| Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger command injection and insecure deserialization issues.
|
| Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution unisng unsafe java object deserialization.
|
| Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution using custom file upload task. |
