Skip to main content

Access Manager

47 CVEs product

Monthly

CVE-2026-11877 MEDIUM This Month

Unauthorized configuration modification in OpenText Access Manager before 5.1.3 allows a remote unauthenticated attacker to alter system configuration via API calls that lack proper authorization enforcement, classified under CWE-648 (Incorrect Use of Privileged APIs). Affected deployments expose privileged API endpoints without adequate access control, enabling integrity impact across both the vulnerable system and subsequent systems relying on it for identity and access decisions. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Access Manager
NVD VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-11878 HIGH This Week

Cross-site scripting in OpenText Access Manager 5.1 through 5.1.2 lets a remote unauthenticated attacker inject script that executes in the browser of a targeted user of this enterprise SSO/access-management platform (CWE-79). Per the vendor-supplied CVSS 4.0 vector the flaw carries high vulnerable-system confidentiality impact (VC:H) but high attack complexity and a specific attack requirement (AC:H/AT:P), yielding a base score of 8.2. No public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Access Manager
NVD VulDB
CVSS 4.0
8.2
EPSS
0.2%
CVE-2023-21859 MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-39412 HIGH PATCH This Week

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Access Manager
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-39405 MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Access Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-22528 MEDIUM This Month

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22527 HIGH This Week

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22526 MEDIUM This Month

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-22524 MEDIUM This Month

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Access Manager
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2021-22525 MEDIUM This Month

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-2358 MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2021-29425 Maven MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io Debian Linux Access Manager +57
NVD
CVSS 3.1
4.8
EPSS
10.6%
CVE-2021-22506 HIGH KEV THREAT This Week

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.1
7.5
EPSS
25.7%
CVE-2021-22496 HIGH This Week

Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Manager
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-2747 MEDIUM This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2745 MEDIUM This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Access Manager
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-2740 MEDIUM This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2020-2555 CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager Coherence Commerce Platform +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2018-17948 MEDIUM This Month

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-12480 MEDIUM This Month

Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10197 CRITICAL POC Act Now

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-2879 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Access Manager
NVD GitHub
CVSS 3.0
9.0
EPSS
22.2%
CVE-2018-2739 CRITICAL PATCH Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
CVSS 3.0
9.3
EPSS
2.3%
CVE-2018-2587 MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Access Manager Adaptive Access Manager
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2018-7678 MEDIUM This Month

A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-7677 HIGH This Week

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Access Manager
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-1342 CRITICAL Act Now

A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-10154 MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure Access Manager
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2017-5191 MEDIUM This Month

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-5183 MEDIUM This Month

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-5190 LOW Monitor

NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2016-5758 HIGH This Week

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Access Manager
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-5757 CRITICAL Act Now

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2016-5756 MEDIUM This Month

Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5755 MEDIUM This Month

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-5754 HIGH This Week

Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5752 HIGH This Week

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5751 MEDIUM This Month

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5750 HIGH This Week

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Access Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-5749 MEDIUM This Month

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Access Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5748 MEDIUM This Month

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Access Manager
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9412 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Access Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.5%
CVE-2014-5217 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Access Manager
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5216 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Access Manager
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.3%
CVE-2014-5215 MEDIUM POC This Month

NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Access Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-5214 MEDIUM POC This Month

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Access Manager
NVD
CVSS 2.0
4.0
EPSS
0.5%
EPSS 0% CVSS 6.3
MEDIUM This Month

Unauthorized configuration modification in OpenText Access Manager before 5.1.3 allows a remote unauthenticated attacker to alter system configuration via API calls that lack proper authorization enforcement, classified under CWE-648 (Incorrect Use of Privileged APIs). Affected deployments expose privileged API endpoints without adequate access control, enabling integrity impact across both the vulnerable system and subsequent systems relying on it for identity and access decisions. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Access Manager
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Cross-site scripting in OpenText Access Manager 5.1 through 5.1.2 lets a remote unauthenticated attacker inject script that executes in the browser of a targeted user of this enterprise SSO/access-management platform (CWE-79). Per the vendor-supplied CVSS 4.0 vector the flaw carries high vulnerable-system confidentiality impact (VC:H) but high attack complexity and a specific attack requirement (AC:H/AT:P), yielding a base score of 8.2. No public exploit identified at time of analysis and it is not listed in CISA KEV.

XSS Access Manager
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Oracle Access Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Access Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Manager
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Access Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
EPSS 11% CVSS 4.8
MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io +59
NVD
EPSS 26% CVSS 7.5
HIGH KEV THREAT This Week

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Access Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Access Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Access Manager
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Access Manager
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Deserialization Access Manager +8
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Access Manager
NVD
EPSS 22% CVSS 9.0
CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Access Manager
NVD GitHub
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Access Manager
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Access Manager +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A cross site scripting vulnerability exist in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Access Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Access Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Information Disclosure Access Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 0% CVSS 3.1
LOW Monitor

NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Access Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Access Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Access Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Access Manager
NVD
EPSS 8% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Access Manager
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Access Manager
NVD
EPSS 9% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Access Manager
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM POC This Month

NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Access Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Access Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy