Skip to main content

Identity Manager

61 CVEs product

Monthly

CVE-2026-46810 MEDIUM This Month

Unauthenticated network exploitation of Oracle Identity Manager's End User Self Service component via the IIOP protocol allows partial read and write access to identity data in versions 12.2.1.4.0 and 14.1.2.1.0. The authentication bypass tag alongside a PR:N CVSS vector confirms no credentials are required, making this accessible to any attacker who can reach the IIOP endpoint. No public exploit or active exploitation has been identified at time of analysis, but the sensitivity of identity governance data elevates the practical risk beyond the moderate CVSS score alone.

Authentication Bypass Oracle Identity Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-46807 CRITICAL Act Now

Remote unauthenticated takeover of Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 is possible via the OIM Legacy UI component when reachable over T3 or IIOP protocols, per Oracle's June 2026 Critical Patch Update advisory. The flaw scores CVSS 9.8 with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Because Identity Manager governs enterprise identity and access provisioning, successful exploitation effectively yields a tier-zero compromise of the IAM control plane.

Oracle Identity Manager Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-35269 HIGH This Week

Unauthorized data modification in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a remote unauthenticated attacker to create, delete, or modify critical identity data via the REST WebServices component over HTTP. Oracle rates the issue as easily exploitable with a CVSS 3.1 base score of 7.5 (integrity-only impact), and no public exploit has been identified at time of analysis.

Authentication Bypass Oracle Identity Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-35268 CRITICAL Act Now

Account takeover in Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 (Fusion Middleware Core component) allows a low-privileged remote attacker to fully compromise the product via T3 or IIOP protocols, with scope change extending impact to other Fusion Middleware components. The CVSS 9.9 score reflects high confidentiality, integrity, and availability impact combined with low attack complexity. No public exploit identified at time of analysis, but Identity Manager's role as a central identity authority makes this a critical patching priority.

Oracle Identity Manager Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-35267 HIGH This Week

Account takeover in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker to fully compromise the Identity Manager instance via its REST WebServices component over HTTP. Oracle rates the flaw CVSS 8.8 with high impact to confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because Identity Manager governs enterprise identity lifecycle and provisioning, successful exploitation has cascading impact across downstream applications it manages.

Oracle Identity Manager Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-35265 HIGH This Week

Account takeover in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker with HTTP access to fully compromise the Identity Manager component of Oracle Fusion Middleware. With a CVSS 3.1 base score of 8.8 and high impact across confidentiality, integrity, and availability, successful exploitation results in takeover of the identity governance platform itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Identity Manager Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-20884 MEDIUM PATCH This Month

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Information Disclosure VMware Open Redirect Identity Manager Workspace One Access +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-31700 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE VMware Access Cloud Foundation Identity Manager
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-31665 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Identity Manager One Access Identity Manager Connector
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2022-31664 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31663 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-31662 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-31661 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31660 HIGH POC PATCH Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Identity Manager One Access Access Connector +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-31659 HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE VMware SQLi Identity Manager One Access +2
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-31658 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-31657 CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

VMware Open Redirect Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-31656 CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Identity Manager One Access Access Connector +1
NVD
CVSS 3.1
9.8
EPSS
19.0%
CVE-2022-22973 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-22972 CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access +2
NVD
CVSS 3.1
9.8
EPSS
52.8%
CVE-2022-22961 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22960 HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
7.8
EPSS
37.2%
CVE-2022-22959 MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation Identity Manager Vrealize Automation +2
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-22958 HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD
CVSS 3.1
7.2
EPSS
3.0%
CVE-2022-22957 HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE Cloud Foundation Identity Manager +3
NVD GitHub
CVSS 3.1
7.2
EPSS
23.1%
CVE-2022-22956 CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD GitHub
CVSS 3.1
9.8
EPSS
50.7%
CVE-2022-22955 CRITICAL PATCH Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Authentication Bypass Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2022-22954 CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection Identity Manager Vrealize Automation +3
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-22056 HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager Vrealize Automation Workspace One Access
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22003 HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22002 CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager Workspace One Access Cloud Foundation +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-2458 HIGH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2021-2457 MEDIUM This Month

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-4006 CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager Identity Manager Connector One Access +2
NVD
CVSS 3.1
9.1
EPSS
23.8%
CVE-2020-25839 CRITICAL Act Now

NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Identity Manager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-17465 MEDIUM This Month

Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11849 CRITICAL Act Now

Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Identity Manager
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-2729 MEDIUM PATCH This Month

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-2728 HIGH PATCH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-2858 MEDIUM PATCH This Month

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Identity Manager
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2019-2729 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Communications Diameter Signaling Router Communications Network Integrity Hyperion Infrastructure Technology +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.8%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2018-3179 HIGH PATCH This Week

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Identity Manager
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-7676 MEDIUM This Month

The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-7674 MEDIUM This Month

The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Identity Manager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7673 HIGH This Week

The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-1350 MEDIUM This Month

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-1349 MEDIUM This Month

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-1348 HIGH This Week

NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
7.4
EPSS
1.1%
CVE-2018-0908 MEDIUM PATCH This Month

Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Identity Manager
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2017-10151 CRITICAL PATCH Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8%.

Information Disclosure Oracle Identity Manager
NVD
CVSS 3.0
10.0
EPSS
13.8%
CVE-2017-9393 CRITICAL Act Now

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager Identity Manager Virtual Appliance
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-3553 CRITICAL Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Identity Manager
NVD
CVSS 3.0
9.9
EPSS
0.9%
CVE-2016-5334 MEDIUM PATCH This Month

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure VMware Identity Manager Vrealize Automation
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2016-1598 MEDIUM This Month

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Identity Manager Identity Manager Identity Applications
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-1592 MEDIUM This Month

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-0787 MEDIUM This Month

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-5506 LOW PATCH Monitor

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. Rated low severity (CVSS 3.1), this vulnerability is low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.0
3.1
EPSS
0.1%
CVE-2016-5335 HIGH PATCH This Week

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure VMware Identity Manager Vrealize Automation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2014-4509 MEDIUM PATCH This Month

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Information Disclosure Identity Manager
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-2880 MEDIUM POC THREAT This Month

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

Open Redirect Oracle Identity Manager
NVD Exploit-DB VulDB
CVSS 2.0
5.8
EPSS
11.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated network exploitation of Oracle Identity Manager's End User Self Service component via the IIOP protocol allows partial read and write access to identity data in versions 12.2.1.4.0 and 14.1.2.1.0. The authentication bypass tag alongside a PR:N CVSS vector confirms no credentials are required, making this accessible to any attacker who can reach the IIOP endpoint. No public exploit or active exploitation has been identified at time of analysis, but the sensitivity of identity governance data elevates the practical risk beyond the moderate CVSS score alone.

Authentication Bypass Oracle Identity Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated takeover of Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 is possible via the OIM Legacy UI component when reachable over T3 or IIOP protocols, per Oracle's June 2026 Critical Patch Update advisory. The flaw scores CVSS 9.8 with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Because Identity Manager governs enterprise identity and access provisioning, successful exploitation effectively yields a tier-zero compromise of the IAM control plane.

Oracle Identity Manager Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthorized data modification in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a remote unauthenticated attacker to create, delete, or modify critical identity data via the REST WebServices component over HTTP. Oracle rates the issue as easily exploitable with a CVSS 3.1 base score of 7.5 (integrity-only impact), and no public exploit has been identified at time of analysis.

Authentication Bypass Oracle Identity Manager
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Account takeover in Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0 (Fusion Middleware Core component) allows a low-privileged remote attacker to fully compromise the product via T3 or IIOP protocols, with scope change extending impact to other Fusion Middleware components. The CVSS 9.9 score reflects high confidentiality, integrity, and availability impact combined with low attack complexity. No public exploit identified at time of analysis, but Identity Manager's role as a central identity authority makes this a critical patching priority.

Oracle Identity Manager Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker to fully compromise the Identity Manager instance via its REST WebServices component over HTTP. Oracle rates the flaw CVSS 8.8 with high impact to confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because Identity Manager governs enterprise identity lifecycle and provisioning, successful exploitation has cascading impact across downstream applications it manages.

Oracle Identity Manager Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker with HTTP access to fully compromise the Identity Manager component of Oracle Fusion Middleware. With a CVSS 3.1 base score of 8.8 and high impact across confidentiality, integrity, and availability, successful exploitation results in takeover of the identity governance platform itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Identity Manager Authentication Bypass
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Information Disclosure VMware Open Redirect +4
NVD
EPSS 1% CVSS 7.2
HIGH This Week

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE VMware Access +2
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Identity Manager +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Identity Manager +3
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS VMware Identity Manager +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal VMware Identity Manager +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

VMware Privilege Escalation Identity Manager +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contains a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Identity Manager +3
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE VMware SQLi +4
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE VMware Identity Manager +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

VMware Open Redirect Identity Manager +3
NVD
EPSS 19% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass VMware Identity Manager +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

VMware Privilege Escalation Identity Manager +3
NVD
EPSS 53% CVSS 9.8
CRITICAL POC THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Identity Manager +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an information disclosure vulnerability due to returning excess information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Cloud Foundation +4
NVD
EPSS 37% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

VMware Privilege Escalation Cloud Foundation +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a cross site request forgery vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

VMware CSRF Cloud Foundation +4
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE +5
NVD
EPSS 23% CVSS 7.2
HIGH POC PATCH THREAT Act Now

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization VMware RCE +5
NVD GitHub
EPSS 51% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager +2
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

VMware Authentication Bypass Identity Manager +2
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

VMware RCE Code Injection +5
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Identity Manager +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure VMware Identity Manager +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Identity Manager +3
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
EPSS 24% CVSS 9.1
CRITICAL KEV THREAT Act Now

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection VMware Identity Manager +4
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Identity Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Identity Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Identity Manager
NVD
EPSS 89% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Communications Diameter Signaling Router +8
NVD Exploit-DB
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Identity Manager
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Identity Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Identity Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager
NVD
EPSS 1% CVSS 7.4
HIGH This Week

NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Identity Manager
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Identity Manager
NVD
EPSS 14% CVSS 10.0
CRITICAL PATCH Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8%.

Information Disclosure Oracle Identity Manager
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity Manager Identity Manager Virtual Appliance
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Rules Engine). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Identity Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure VMware Identity Manager +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Identity Manager Identity Manager Identity Applications
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Identity Manager
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. Rated low severity (CVSS 3.1), this vulnerability is low attack complexity.

Oracle Authentication Bypass Identity Manager
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure VMware Identity Manager +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Information Disclosure Identity Manager
NVD
EPSS 11% CVSS 5.8
MEDIUM POC THREAT This Month

Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

Open Redirect Oracle Identity Manager
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy