Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edirectory
(Microfocus)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-03-02 | CVE-2017-7429 | The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | Edirectory, Edirectory | 8.8 | ||
| 2018-03-02 | CVE-2017-9285 | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | Edirectory, Edirectory | 9.8 | ||
| 2018-08-09 | CVE-2018-7686 | Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | Edirectory | 7.5 | ||
| 2018-08-09 | CVE-2018-7692 | Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | Edirectory | 6.1 | ||
| 2018-12-12 | CVE-2018-17950 | Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | Edirectory | 7.5 | ||
| 2018-12-12 | CVE-2018-17952 | Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | Edirectory | 6.1 | ||
| 2012-12-25 | CVE-2012-0432 | Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | Edirectory | N/A | ||
| 2012-12-25 | CVE-2012-0430 | Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. | Edirectory | N/A | ||
| 2012-12-25 | CVE-2012-0429 | dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. | Edirectory | N/A | ||
| 2012-12-25 | CVE-2012-0428 | Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Edirectory | N/A |