Vulnerabilites related to microfocus - identity_manager
CVE-2016-1600 (GCVE-0-2016-1600)
Vulnerability from cvelistv5
Published
2019-05-09 20:33
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | Identity Manager |
Version: Versions prior to version 4.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "NetIQ",
"versions": [
{
"status": "affected",
"version": "Versions prior to version 4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:46",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-1600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "Versions prior to version 4.6"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-1600",
"datePublished": "2019-05-09T20:33:45",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9272 (GCVE-0-2017-9272)
Vulnerability from cvelistv5
Published
2017-10-06 17:00
Modified
2024-09-17 01:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service.
Summary
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| *** n/a *** | IDM 4.5 bidirectional eDir Driver Version |
Version: All versions prior to version 4.0.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:43.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IDM 4.5 bidirectional eDir Driver Version",
"vendor": "*** n/a ***",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.0.3.0"
}
]
}
],
"datePublic": "2017-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-09-26T00:00:00",
"ID": "CVE-2017-9272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IDM 4.5 bidirectional eDir Driver Version",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.0.3.0"
}
]
}
}
]
},
"vendor_name": "*** n/a ***"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8",
"refsource": "MISC",
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9272",
"datePublished": "2017-10-06T17:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-17T01:21:52.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25839 (GCVE-0-2020-25839)
Vulnerability from cvelistv5
Published
2020-11-20 15:24
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Injection attack
Summary
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Identity Manager |
Version: All versions in the 4.8 line prior to version 4.8 Service Pack 2 HotFix 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:37.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Identity Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions in the 4.8 line prior to version 4.8 Service Pack 2 HotFix 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Injection attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:36",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-25839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Identity Manager",
"version": {
"version_data": [
{
"version_value": "All versions in the 4.8 line prior to version 4.8 Service Pack 2 HotFix 1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Injection attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-25839",
"datePublished": "2020-11-20T15:24:20",
"dateReserved": "2020-09-23T00:00:00",
"dateUpdated": "2024-08-04T15:40:37.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11849 (GCVE-0-2020-11849)
Vulnerability from cvelistv5
Published
2020-07-08 13:30
Modified
2024-09-17 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege and/or unauthorized access
Summary
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Fosus | Identity Manager |
Version: unspecified < Version: unspecified < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:59.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Identity Manager",
"vendor": "Micro Fosus",
"versions": [
{
"lessThanOrEqual": "4.7.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.8.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mark van Reijn, of IDFocus."
}
],
"datePublic": "2020-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."
}
],
"exploits": [
{
"lang": "en",
"value": "Elevation of privilege and/or unauthorized access"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege and/or unauthorized access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:30",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
}
],
"solutions": [
{
"lang": "en",
"value": "For version 4.7.3 https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html\nFor version 4.8.1 https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of privilege and unauthorized access in Micro Focus Identity Manager product",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2020-07-07T20:00:00.000Z",
"ID": "CVE-2020-11849",
"STATE": "PUBLIC",
"TITLE": "Elevation of privilege and unauthorized access in Micro Focus Identity Manager product"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.7.3"
},
{
"version_affected": "\u003c=",
"version_value": "4.8.1"
}
]
}
}
]
},
"vendor_name": "Micro Fosus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mark van Reijn, of IDFocus."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Elevation of privilege and/or unauthorized access"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege and/or unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"
},
{
"name": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "For version 4.7.3 https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html\nFor version 4.8.1 https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11849",
"datePublished": "2020-07-08T13:30:36.737561Z",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-09-17T01:30:32.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9273 (GCVE-0-2017-9273)
Vulnerability from cvelistv5
Published
2017-10-06 17:00
Modified
2024-09-16 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access.
Summary
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| *** n/a *** | IDM 4.5 bidirectional eDir Driver Version |
Version: All versions prior to version 4.0.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IDM 4.5 bidirectional eDir Driver Version",
"vendor": "*** n/a ***",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.0.3.0"
}
]
}
],
"datePublic": "2017-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2017-09-26T00:00:00",
"ID": "CVE-2017-9273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IDM 4.5 bidirectional eDir Driver Version",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.0.3.0"
}
]
}
}
]
},
"vendor_name": "*** n/a ***"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8",
"refsource": "MISC",
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9273",
"datePublished": "2017-10-06T17:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-16T23:10:43.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-07-08 14:15
Modified
2024-11-21 04:58
Severity ?
Summary
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | identity_manager | * | |
| microfocus | identity_manager | 4.7.4 | |
| microfocus | identity_manager | 4.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3573217C-CFC5-4182-A155-A7AE7BC32D90",
"versionEndExcluding": "4.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DE9224-3E08-4106-BC98-B3D55A1534EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B47A735B-9D09-4B3D-AAED-622CD28A0CD6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."
},
{
"lang": "es",
"value": "Una elevaci\u00f3n de privilegios y/o vulnerabilidad de acceso no autorizado en Micro Focus Identity Manager. Afecta las versiones anteriores a 4.7.3 y 4.8.1 hotfix 1. La vulnerabilidad podr\u00eda permitir una exposici\u00f3n de informaci\u00f3n que puede resultar en una elevaci\u00f3n de privilegios o un acceso no autorizado"
}
],
"id": "CVE-2020-11849",
"lastModified": "2024-11-21T04:58:45.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-08T14:15:10.320",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-06 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | bi-directional_driver | * | |
| microfocus | identity_manager | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:bi-directional_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A93F71-A60A-4DA7-BC80-BFA94A257C61",
"versionEndIncluding": "4.0.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microfocus:identity_manager:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1CBBF7-F30D-4B31-B98B-427CA7F1C0C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes."
},
{
"lang": "es",
"value": "El controlador bidireccional en IDM 4.5 en versiones anteriores a la 4.0.3.0 podr\u00eda ser susceptible a cambios de la configuraci\u00f3n del registro sin autorizaci\u00f3n."
}
],
"id": "CVE-2017-9273",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-06T17:29:02.777",
"references": [
{
"source": "security@opentext.com",
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-06 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | bi-directional_driver | * | |
| microfocus | identity_manager | 4.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:bi-directional_driver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A93F71-A60A-4DA7-BC80-BFA94A257C61",
"versionEndIncluding": "4.0.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microfocus:identity_manager:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1CBBF7-F30D-4B31-B98B-427CA7F1C0C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack."
},
{
"lang": "es",
"value": "El controlador bidireccional en IDM 4.5 en versiones anteriores a la 4.0.3.0 podr\u00eda ser susceptible a un ataque de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-9272",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-06T17:29:02.743",
"references": [
{
"source": "security@opentext.com",
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://download.microfocus.com/Download?buildid=SRL-_pc5pR8"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-20 16:15
Modified
2024-11-21 05:18
Severity ?
Summary
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | identity_manager | 4.8 | |
| microfocus | identity_manager | 4.8 | |
| microfocus | identity_manager | 4.8 | |
| microfocus | identity_manager | 4.8 | |
| microfocus | identity_manager | 4.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8:-:*:*:*:*:*:*",
"matchCriteriaId": "6E38FF3B-6362-41F6-B146-325DFA469682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8:hf1:*:*:*:*:*:*",
"matchCriteriaId": "15D47EC4-9539-4E8B-BBF2-5BA0CEBE2067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8:sp1:*:*:*:*:*:*",
"matchCriteriaId": "04FA4595-19FA-440A-9021-BB3C6710A9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8:sp1_hf1:*:*:*:*:*:*",
"matchCriteriaId": "C137C4AC-7BB1-48D1-93FB-548628FD33DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A69B4FD2-D6F8-45CD-A516-F7307B404BC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1."
},
{
"lang": "es",
"value": "NetIQ Identity Manager versiones 4.8 anteriores a 4.8 SP2 HF1, est\u00e1 afectado por una vulnerabilidad de inyecci\u00f3n.\u0026#xa0;Esta vulnerabilidad es corregida en NetIQ IdM versi\u00f3n 4.8 SP2 HF1"
}
],
"id": "CVE-2020-25839",
"lastModified": "2024-11-21T05:18:52.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-20T16:15:15.683",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-09 21:29
Modified
2024-11-21 02:46
Severity ?
Summary
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | identity_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:identity_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8823ECCF-2726-47E6-85B5-007D1750F479",
"versionEndExcluding": "4.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability."
},
{
"lang": "es",
"value": "El controlador ServiceNow en las versiones del Gestor de identidades NetIQ anteriores a la 4.6 es susceptible a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2016-1600",
"lastModified": "2024-11-21T02:46:42.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-09T21:29:00.250",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/identity-manager-46/releasenotes_idm46/data/releasenotes_idm46.html#t433o7au0niu"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}