Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microfocus | First view | 2021-03-25 |
| Product | Access Manager | Last view | 2022-05-12 |
| Version | 4.5 | Type | Application |
| Update | sp3 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:microfocus:access_manager | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2022-05-12 | CVE-2021-22531 | A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 |
| 5.4 | 2021-09-13 | CVE-2021-22528 | Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 |
| 7.5 | 2021-09-13 | CVE-2021-22527 | Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 |
| 6.1 | 2021-09-13 | CVE-2021-22526 | Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 |
| 4.9 | 2021-09-13 | CVE-2021-22524 | Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 |
| 5.5 | 2021-09-02 | CVE-2021-22525 | This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 |
| 7.5 | 2021-03-26 | CVE-2021-22506 | Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. |
| 6.1 | 2021-03-26 | CVE-2020-25840 | Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. |
| 7.5 | 2021-03-25 | CVE-2021-22496 | Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 16% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 16% (1) | CWE-287 | Improper Authentication |
| 16% (1) | CWE-91 | XML Injection (aka Blind XPath Injection) |
