Microfocus Access Manager vulnerabilities
18 known vulnerabilities affecting microfocus/access_manager.
Total CVEs
18
CISA KEV
1
actively exploited
Public exploits
5
Exploited in wild
1
Severity breakdown
HIGH4MEDIUM14
Vulnerabilities
Page 1 of 1
CVE-2021-22506P1HIGHCVSS 7.5KEVfixed in 5.02021-03-26
CVE-2021-22506 [HIGH] CVE-2021-22506: Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager produ
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
nvd
CVE-2014-5217P3MEDIUMCVSS 6.8PoCv4.0v4.0.12014-12-23
CVE-2014-5217 [MEDIUM] CWE-352 CVE-2014-5217: Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
nvd
CVE-2014-5214P4MEDIUMCVSS 4.0PoCv4.0v4.0.12014-12-23
CVE-2014-5214 [MEDIUM] CVE-2014-5214: nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2026-11877P3HIGHCVSS 7.5≥ 5.0, < 5.1v5.1+1 more2026-06-24
CVE-2026-11877 [HIGH] CWE-648 CVE-2026-11877: An unauthorized user can modify configuration through API calls that affects the OpenText Access Man
An unauthorized user can modify configuration through API
calls that affects the OpenText Access
Manager. This issue affects Access Manager before 5.1.3.
nvd
CVE-2021-22496P3HIGHCVSS 7.5fixed in 4.5.3.3vAccess Manager versions prior to 4.5.3.32021-03-25
CVE-2021-22496 [HIGH] CWE-287 CVE-2021-22496: Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
nvd
CVE-2014-5216P4MEDIUMCVSS 4.3PoCv4.0v4.0.12014-12-23
CVE-2014-5216 [MEDIUM] CWE-79 CVE-2014-5216: Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 H
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the se
nvd
CVE-2014-9412P4MEDIUMCVSS 4.3PoCv4.0v4.0.12014-12-23
CVE-2014-9412 [MEDIUM] CVE-2014-9412: Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 all
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
nvd
CVE-2014-5215P4MEDIUMCVSS 4.0PoCv4.0v4.0.12014-12-23
CVE-2014-5215 [MEDIUM] CWE-200 CVE-2014-5215: NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discov
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
nvd
CVE-2021-22527P3HIGHCVSS 7.5≥ 4.5.0, < 4.5.4≥ 5.0, < 5.0.12021-09-13
CVE-2021-22527 [HIGH] CWE-200 CVE-2021-22527: Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
nvd
CVE-2018-12480P4MEDIUMCVSS 6.1v4.1v4.2+2 more2018-11-15
CVE-2018-12480 [MEDIUM] CWE-79 CVE-2018-12480: Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
nvd
CVE-2021-22526P4MEDIUMCVSS 6.1≥ 4.5.0, < 4.5.4≥ 5.0, < 5.0.12021-09-13
CVE-2021-22526 [MEDIUM] CWE-601 CVE-2021-22526: Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
nvd
CVE-2026-11878P4MEDIUMCVSS 6.1≥ 5.0, < 5.1v5.1+1 more2026-06-24
CVE-2026-11878 [MEDIUM] CWE-79 CVE-2026-11878: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS).
This issue affects Access Manager: from 5.1 through 5.1.2.
nvd
CVE-2020-25840P4MEDIUMCVSS 6.1fixed in 5.02021-03-26
CVE-2020-25840 [MEDIUM] CWE-79 CVE-2020-25840: Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
nvd
CVE-2021-22531P4MEDIUMCVSS 6.1v4.5v5.02022-05-12
CVE-2021-22531 [MEDIUM] CWE-79 CVE-2021-22531: A bug exist in the input parameter of Access Manager that allows supply of invalid character to trig
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
nvd
CVE-2018-17948P4MEDIUMCVSS 6.1fixed in 4.4v4.42018-11-20
CVE-2018-17948 [MEDIUM] CWE-601 CVE-2018-17948: An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
nvd
CVE-2021-22528P4MEDIUMCVSS 5.4≥ 4.5.0, < 4.5.4≥ 5.0, < 5.0.12021-09-13
CVE-2021-22528 [MEDIUM] CWE-79 CVE-2021-22528: Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
nvd
CVE-2021-22525P4MEDIUMCVSS 5.5fixed in 5.0.12021-09-02
CVE-2021-22525 [MEDIUM] CVE-2021-22525: This release addresses a potential information leakage vulnerability in NetIQ Access Manager version
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
nvd
CVE-2021-22524P4MEDIUMCVSS 4.9≥ 4.5.0, < 4.5.4≥ 5.0, < 5.0.12021-09-13
CVE-2021-22524 [MEDIUM] CWE-91 CVE-2021-22524: Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 a
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
nvd