Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for eDirectory by NetIQ
CVE-2018-12461 (GCVE-0-2018-12461)
Vulnerability from cvelistv5 – Published: 2018-07-10 18:00 – Updated: 2024-09-16 17:18
VLAI
Title
Certificate Revocation Check failure
Summary
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Severity
CWE
- Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
eDirectory 9.1.1 , < 9.1.1
(custom)
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.1.1",
"status": "affected",
"version": "eDirectory 9.1.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Certificate Revocation Check failure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-10T05:00:00.000Z",
"ID": "CVE-2018-12461",
"STATE": "PUBLIC",
"TITLE": "Certificate Revocation Check failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "eDirectory 9.1.1",
"version_value": "9.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12461",
"datePublished": "2018-07-10T18:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:18:10.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1346 (GCVE-0-2018-1346)
Vulnerability from cvelistv5 – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI
Title
NetIQ eDirectory Denial of Service
Summary
Addresses denial of service attack to eDirectory versions prior to 9.1.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/edirectory-91… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103493 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
prior to (9.1) , < 9.1
(custom)
|
Date Public
2018-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html"
},
{
"name": "103493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.1",
"status": "affected",
"version": "prior to (9.1)",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Addresses denial of service attack to eDirectory versions prior to 9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:04.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html"
},
{
"name": "103493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103493"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to eDiectory 9.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ eDirectory Denial of Service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1346",
"STATE": "PUBLIC",
"TITLE": "NetIQ eDirectory Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "prior to (9.1)",
"version_value": "9.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Addresses denial of service attack to eDirectory versions prior to 9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html"
},
{
"name": "103493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103493"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to eDiectory 9.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1346",
"datePublished": "2018-03-21T14:00:00.000Z",
"dateReserved": "2017-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:59:38.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9285 (GCVE-0-2017-9285)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-17 00:25
VLAI
Title
Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
Summary
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Severity
5.4 (Medium)
CWE
- Lack of access checks
- CWE-284
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1029077 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/edirectory-9/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 9.0 SP4
(custom)
|
Date Public
2017-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.0 SP4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of access checks",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
},
"title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-9285",
"STATE": "PUBLIC",
"TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "9.0 SP4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access checks"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
]
},
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9285",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:58.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7429 (GCVE-0-2017-7429)
Vulnerability from cvelistv5 – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:35
VLAI
Title
Fix for NetIQ shell code upload
Summary
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Severity
8.8 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1024957 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/edir88/edir88… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 8.8.8 Patch 10 HF1
(custom)
|
Date Public
2017-10-02 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "8.8.8 Patch 10 HF1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH"
}
],
"datePublic": "2017-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
},
"title": "Fix for NetIQ shell code upload",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-7429",
"STATE": "PUBLIC",
"TITLE": "Fix for NetIQ shell code upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "8.8.8 Patch 10 HF1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
]
},
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7429",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:35:59.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5186 (GCVE-0-2017-5186)
Vulnerability from cvelistv5 – Published: 2017-04-27 14:00 – Updated: 2024-08-05 14:55
VLAI
Summary
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
Severity
No CVSS data available.
CWE
- deprecated hashing algorithm
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=7016795 | x_refsource_CONFIRM |
| https://bugzilla.novell.com/show_bug.cgi?id=1019789 | x_refsource_CONFIRM |
| https://bugzilla.novell.com/show_bug.cgi?id=988749 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=7010166 | x_refsource_CONFIRM |
| https://bugzilla.novell.com/show_bug.cgi?id=1019041 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | NetIQ/Novell iManager and eDirectory |
Affected:
NetIQ/Novell iManager and eDirectory
|
Date Public
2017-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019789"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=988749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ/Novell iManager and eDirectory",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NetIQ/Novell iManager and eDirectory"
}
]
}
],
"datePublic": "2017-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "deprecated hashing algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:59.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019789"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=988749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-5186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ/Novell iManager and eDirectory",
"version": {
"version_data": [
{
"version_value": "NetIQ/Novell iManager and eDirectory"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "deprecated hashing algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1019789",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019789"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=988749",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=988749"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1019041",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5186",
"datePublished": "2017-04-27T14:00:00.000Z",
"dateReserved": "2017-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12461 (GCVE-0-2018-12461)
Vulnerability from nvd – Published: 2018-07-10 18:00 – Updated: 2024-09-16 17:18
VLAI
Title
Certificate Revocation Check failure
Summary
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.
Severity
CWE
- Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netiq.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
eDirectory 9.1.1 , < 9.1.1
(custom)
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.1.1",
"status": "affected",
"version": "eDirectory 9.1.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Certificate Revocation Check failure",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-07-10T05:00:00.000Z",
"ID": "CVE-2018-12461",
"STATE": "PUBLIC",
"TITLE": "Certificate Revocation Check failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "eDirectory 9.1.1",
"version_value": "9.1.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Under some circumstances certificate revocation checks in NetIQ eDirectory versions prior to 9.1.1 do not work."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/support/kb/doc.php?id=7016794"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to eDirectory 9.1.1 ."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12461",
"datePublished": "2018-07-10T18:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:18:10.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1346 (GCVE-0-2018-1346)
Vulnerability from nvd – Published: 2018-03-21 14:00 – Updated: 2024-08-05 03:59
VLAI
Title
NetIQ eDirectory Denial of Service
Summary
Addresses denial of service attack to eDirectory versions prior to 9.1.
Severity
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.netiq.com/documentation/edirectory-91… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103493 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
prior to (9.1) , < 9.1
(custom)
|
Date Public
2018-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html"
},
{
"name": "103493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103493"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.1",
"status": "affected",
"version": "prior to (9.1)",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Addresses denial of service attack to eDirectory versions prior to 9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:04.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html"
},
{
"name": "103493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103493"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to eDiectory 9.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "NetIQ eDirectory Denial of Service",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-1346",
"STATE": "PUBLIC",
"TITLE": "NetIQ eDirectory Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "prior to (9.1)",
"version_value": "9.1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Addresses denial of service attack to eDirectory versions prior to 9.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory91_releasenotes/data/edirectory91_releasenotes.html"
},
{
"name": "103493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103493"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to eDiectory 9.1"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-1346",
"datePublished": "2018-03-21T14:00:00.000Z",
"dateReserved": "2017-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:59:38.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9285 (GCVE-0-2017-9285)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-17 00:25
VLAI
Title
Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
Summary
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
Severity
5.4 (Medium)
CWE
- Lack of access checks
- CWE-284
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1029077 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/edirectory-9/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 9.0 SP4
(custom)
|
Date Public
2017-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.0 SP4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of access checks",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
},
"title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-9285",
"STATE": "PUBLIC",
"TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "9.0 SP4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access checks"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
]
},
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9285",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-05-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:25:58.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-7429 (GCVE-0-2017-7429)
Vulnerability from nvd – Published: 2018-03-02 20:00 – Updated: 2024-09-16 23:35
VLAI
Title
Fix for NetIQ shell code upload
Summary
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Severity
8.8 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1024957 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM |
| https://www.netiq.com/documentation/edir88/edir88… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NetIQ | eDirectory |
Affected:
unspecified , < 8.8.8 Patch 10 HF1
(custom)
|
Date Public
2017-10-02 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "8.8.8 Patch 10 HF1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH"
}
],
"datePublic": "2017-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
},
"title": "Fix for NetIQ shell code upload",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-7429",
"STATE": "PUBLIC",
"TITLE": "Fix for NetIQ shell code upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "8.8.8 Patch 10 HF1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
]
},
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7429",
"datePublished": "2018-03-02T20:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:35:59.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5186 (GCVE-0-2017-5186)
Vulnerability from nvd – Published: 2017-04-27 14:00 – Updated: 2024-08-05 14:55
VLAI
Summary
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
Severity
No CVSS data available.
CWE
- deprecated hashing algorithm
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=7016795 | x_refsource_CONFIRM |
| https://bugzilla.novell.com/show_bug.cgi?id=1019789 | x_refsource_CONFIRM |
| https://bugzilla.novell.com/show_bug.cgi?id=988749 | x_refsource_CONFIRM |
| https://www.novell.com/support/kb/doc.php?id=7010166 | x_refsource_CONFIRM |
| https://bugzilla.novell.com/show_bug.cgi?id=1019041 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | NetIQ/Novell iManager and eDirectory |
Affected:
NetIQ/Novell iManager and eDirectory
|
Date Public
2017-04-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019789"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=988749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ/Novell iManager and eDirectory",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NetIQ/Novell iManager and eDirectory"
}
]
}
],
"datePublic": "2017-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "deprecated hashing algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:59.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019789"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=988749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-5186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ/Novell iManager and eDirectory",
"version": {
"version_data": [
{
"version_value": "NetIQ/Novell iManager and eDirectory"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "deprecated hashing algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016795",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016795"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1019789",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019789"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=988749",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=988749"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7010166",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7010166"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1019041",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1019041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5186",
"datePublished": "2017-04-27T14:00:00.000Z",
"dateReserved": "2017-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}