Netiq Imanager vulnerabilities

CVE-2022-38758 [MEDIUM] CWE-79 CVE-2022-38758: Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.

CVE-2018-12462 [MEDIUM] CWE-79 CVE-2018-12462: NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.

CVE-2018-1345 [HIGH] CVE-2018-1345: NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.

CVE-2018-1344 [HIGH] CVE-2018-1344: Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1 Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1

CVE-2018-1347 [MEDIUM] CWE-79 CVE-2018-1347: The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflect The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting.

CVE-2017-5189 [HIGH] CWE-522 CVE-2017-5189: NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authent NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

CVE-2017-7425 [MEDIUM] CWE-79 CVE-2017-7425: Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 a Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.

CVE-2017-7432 [CRITICAL] CVE-2017-7432: Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a websh Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.

CVE-2017-7431 [HIGH] CWE-352 CVE-2017-7431: Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persist Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.

CVE-2017-7428 [MEDIUM] CWE-20 CVE-2017-7428: NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with To NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.

CVE-2017-7430 [MEDIUM] CWE-79 CVE-2017-7430: Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persi Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

CVE-2017-5186 [HIGH] CWE-327 CVE-2017-5186: Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x b Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.