Netiq Edirectory vulnerabilities

CVE-2018-12461 [HIGH] CWE-295 CVE-2018-12461: Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.

CVE-2018-1346 [HIGH] CVE-2018-1346: Addresses denial of service attack to eDirectory versions prior to 9.1. Addresses denial of service attack to eDirectory versions prior to 9.1.

CVE-2017-9285 [CRITICAL] CWE-284 CVE-2017-9285: NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowi NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.

CVE-2017-7429 [HIGH] CWE-434 CVE-2017-7429: The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.

CVE-2017-5186 [HIGH] CWE-327 CVE-2017-5186: Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x b Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.