Search criteria
8 vulnerabilities found for NetIQ Access Manager by OpenText
CVE-2024-4554 (GCVE-0-2024-4554)
Vulnerability from cvelistv5 – Published: 2024-08-28 06:27 – Updated: 2025-10-06 13:30
VLAI?
Title
Multiple xss vulnerability in NetIQ Access Manager
Summary
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.
Severity ?
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | Access Manager |
Affected:
5.0.4.1 , < <
(server)
Affected: 5.1 , < < (server) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_manager",
"vendor": "netiq",
"versions": [
{
"lessThan": "5.0.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:28:17.128715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:28:23.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.0.4.1",
"versionType": "server"
},
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.1",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Access Manager before 5.0.4.1 and 5.1.\u003c/span\u003e"
}
],
"value": "Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack.\u00a0This issue affects Access Manager before 5.0.4.1 and 5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T13:30:05.388Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple xss vulnerability in NetIQ Access Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4554",
"datePublished": "2024-08-28T06:27:31.937Z",
"dateReserved": "2024-05-06T17:46:06.036Z",
"dateUpdated": "2025-10-06T13:30:05.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4555 (GCVE-0-2024-4555)
Vulnerability from cvelistv5 – Published: 2024-08-28 06:27 – Updated: 2025-10-06 13:30
VLAI?
Title
User impersonation with MFA when configure in specific way
Summary
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
Severity ?
7.7 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
5.0.4.1 , < <
(server)
Affected: 5.1 , < < (server) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_manager",
"vendor": "netiq",
"versions": [
{
"lessThan": "5.0.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:26:27.557273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:27:19.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.0.4.1",
"versionType": "server"
},
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.1",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1\u003c/span\u003e"
}
],
"value": "Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.\u00a0This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T13:30:22.423Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User impersonation with MFA when configure in specific way",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4555",
"datePublished": "2024-08-28T06:27:21.348Z",
"dateReserved": "2024-05-06T17:46:21.043Z",
"dateUpdated": "2025-10-06T13:30:22.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4556 (GCVE-0-2024-4556)
Vulnerability from cvelistv5 – Published: 2024-08-28 06:27 – Updated: 2024-08-28 13:27
VLAI?
Title
Directory traversal vulnerability in NetIQ Access Manager
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
Severity ?
5.7 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
5.0.4.1 , < < =
(server)
Affected: 5.1 , < < (server) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_manager",
"vendor": "netiq",
"versions": [
{
"lessThan": "5.0.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:22:31.399375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:27:43.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c =",
"status": "affected",
"version": "5.0.4.1",
"versionType": "server"
},
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.1",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText NetIQ Access Manager allows access the sensitive information.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager before 5.0.4 and before 5.1.\u003c/span\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText NetIQ Access Manager allows access the sensitive information.\u00a0This issue affects NetIQ Access Manager before 5.0.4 and before 5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T06:27:07.990Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory traversal vulnerability in NetIQ Access Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4556",
"datePublished": "2024-08-28T06:27:07.990Z",
"dateReserved": "2024-05-06T17:46:22.135Z",
"dateUpdated": "2024-08-28T13:27:43.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11843 (GCVE-0-2020-11843)
Vulnerability from cvelistv5 – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
VLAI?
Title
Potential information leakage in administrator enabled debug mode
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
4.5 , < <
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:48:24.994478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:48:33.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
}
],
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T07:23:38.502Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential information leakage in administrator enabled debug mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11843",
"datePublished": "2024-06-11T07:23:38.502Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4554 (GCVE-0-2024-4554)
Vulnerability from nvd – Published: 2024-08-28 06:27 – Updated: 2025-10-06 13:30
VLAI?
Title
Multiple xss vulnerability in NetIQ Access Manager
Summary
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.
Severity ?
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | Access Manager |
Affected:
5.0.4.1 , < <
(server)
Affected: 5.1 , < < (server) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_manager",
"vendor": "netiq",
"versions": [
{
"lessThan": "5.0.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:28:17.128715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:28:23.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.0.4.1",
"versionType": "server"
},
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.1",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Access Manager before 5.0.4.1 and 5.1.\u003c/span\u003e"
}
],
"value": "Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack.\u00a0This issue affects Access Manager before 5.0.4.1 and 5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T13:30:05.388Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multiple xss vulnerability in NetIQ Access Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4554",
"datePublished": "2024-08-28T06:27:31.937Z",
"dateReserved": "2024-05-06T17:46:06.036Z",
"dateUpdated": "2025-10-06T13:30:05.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4555 (GCVE-0-2024-4555)
Vulnerability from nvd – Published: 2024-08-28 06:27 – Updated: 2025-10-06 13:30
VLAI?
Title
User impersonation with MFA when configure in specific way
Summary
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
Severity ?
7.7 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
5.0.4.1 , < <
(server)
Affected: 5.1 , < < (server) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_manager",
"vendor": "netiq",
"versions": [
{
"lessThan": "5.0.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:26:27.557273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:27:19.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.0.4.1",
"versionType": "server"
},
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.1",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1\u003c/span\u003e"
}
],
"value": "Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.\u00a0This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T13:30:22.423Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "User impersonation with MFA when configure in specific way",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4555",
"datePublished": "2024-08-28T06:27:21.348Z",
"dateReserved": "2024-05-06T17:46:21.043Z",
"dateUpdated": "2025-10-06T13:30:22.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4556 (GCVE-0-2024-4556)
Vulnerability from nvd – Published: 2024-08-28 06:27 – Updated: 2024-08-28 13:27
VLAI?
Title
Directory traversal vulnerability in NetIQ Access Manager
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
Severity ?
5.7 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
5.0.4.1 , < < =
(server)
Affected: 5.1 , < < (server) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "access_manager",
"vendor": "netiq",
"versions": [
{
"lessThan": "5.0.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:22:31.399375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T13:27:43.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c =",
"status": "affected",
"version": "5.0.4.1",
"versionType": "server"
},
{
"lessThan": "\u003c",
"status": "affected",
"version": "5.1",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText NetIQ Access Manager allows access the sensitive information.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager before 5.0.4 and before 5.1.\u003c/span\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText NetIQ Access Manager allows access the sensitive information.\u00a0This issue affects NetIQ Access Manager before 5.0.4 and before 5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T06:27:07.990Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
},
{
"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Directory traversal vulnerability in NetIQ Access Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4556",
"datePublished": "2024-08-28T06:27:07.990Z",
"dateReserved": "2024-05-06T17:46:22.135Z",
"dateUpdated": "2024-08-28T13:27:43.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11843 (GCVE-0-2020-11843)
Vulnerability from nvd – Published: 2024-06-11 07:23 – Updated: 2024-08-04 11:42
VLAI?
Title
Potential information leakage in administrator enabled debug mode
Summary
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | NetIQ Access Manager |
Affected:
4.5 , < <
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:48:24.994478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:48:33.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "NetIQ Access Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "4.5",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This allows the information exposure to unauthorized users.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager using version 4.5 or before\u0026nbsp;\u003c/span\u003e"
}
],
"value": "This allows the information exposure to unauthorized users.\u00a0This issue affects NetIQ Access Manager using version 4.5 or before"
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T07:23:38.502Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/access-manager-45/accessmanager452-hf1-release-notes/data/accessmanager452-hf1-release-notes.html"
},
{
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager444-hf3-release-notes/data/accessmanager444-hf3-release-notes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential information leakage in administrator enabled debug mode",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2020-11843",
"datePublished": "2024-06-11T07:23:38.502Z",
"dateReserved": "2020-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}