Micro Focus eDirectory vulnerabilities
16 known vulnerabilities affecting microfocus/edirectory.
Total CVEs: 16
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 4, MEDIUM 8
Vulnerabilities
CVE-2021-22533 [CRITICAL] CVSS 9.1, CWE-532, fixed in 9.2.4.0000, 2024-09-12
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
nvd
CVE-2021-38132 [CRITICAL] CVSS 9.8, CWE-918, fixed in 9.2.6.0000, 2024-09-12
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000.
nvd
CVE-2021-22532 [HIGH] CVSS 7.5, CWE-770, fixed in 9.2.4.0000, 2024-09-12
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.
nvd
CVE-2021-38131 [MEDIUM] CVSS 6.1, CWE-79, fixed in 9.2.5.0000, 2024-09-12
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.
nvd
CVE-2021-38133 [MEDIUM] CVSS 6.5, CWE-521, fixed in 9.2.6.0000, 2024-09-12
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000.
nvd
CVE-2021-22503 [MEDIUM] CVSS 6.1, CWE-79, fixed in 9.2.3.0000, 2024-09-12
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.
nvd
CVE-2018-17950 [HIGH] CVSS 7.5, CWE-863, ≤ 9.1, v9.1, 2018-12-12
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
nvd
CVE-2018-17952 [MEDIUM] CVSS 6.1, CWE-79, fixed in 9.1.2, 2018-12-12
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
nvd
CVE-2018-7686 [HIGH] CVSS 7.5, CWE-200, ≤ 9.1.1, 2018-08-09
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
nvd
CVE-2018-7692 [MEDIUM] CVSS 6.1, CWE-601, ≤ 9.1.1, 2018-08-09
Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.
nvd
CVE-2017-9285 [CRITICAL] CVSS 9.8, CWE-284, ≤ 9.0, 2018-03-02
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
nvd
CVE-2017-7429 [HIGH] CVSS 8.8, CWE-434, ≤ 8.8.8, 2018-03-02
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
nvd
CVE-2012-0432 [CRITICAL] CVSS 10.0, CWE-119, PoC, v8.8.7.0, v8.8.7.1, 2012-12-25
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
nvd
CVE-2012-0428 [MEDIUM] CVSS 4.3, CWE-79, v8.8.6.0, v8.8.6.1 +7 more, 2012-12-25
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-0430 [MEDIUM] CVSS 6.4, v8.8.6.0, v8.8.6.1 +7 more, 2012-12-25
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
nvd
CVE-2012-0429 [MEDIUM] CVSS 4.0, v8.8.6.0, v8.8.6.1 +7 more, 2012-12-25
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
nvd