Vulnerabilites related to microfocus - edirectory
Vulnerability from fkie_nvd
Published
2012-12-25 12:13
Modified
2024-11-21 01:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | 8.8.6.0 | |
| microfocus | edirectory | 8.8.6.1 | |
| microfocus | edirectory | 8.8.6.2 | |
| microfocus | edirectory | 8.8.6.3 | |
| microfocus | edirectory | 8.8.6.4 | |
| microfocus | edirectory | 8.8.6.5 | |
| microfocus | edirectory | 8.8.6.6 | |
| microfocus | edirectory | 8.8.7.0 | |
| microfocus | edirectory | 8.8.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3976A24E-99EE-48D8-BA0E-CE8BC654B6C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7ABE-A0E3-4B2D-8249-4794D7D21C35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF1D9B2-2528-4BA3-AD8D-7A5621044DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "339ADB6C-7F61-455D-82ED-D14E88D01346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5086C05D-8095-4CA9-983A-1E9D53485E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6BBBCF-DCB3-4DC3-A1D2-DF8F2DE83A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB620DF-38EA-4851-A589-192FFD7D1B23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C70FFFF-161E-4A14-8F51-D734E0BF23D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F27E1A93-6999-4C2B-AE31-95C164C3CF1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados.\r\n"
}
],
"id": "CVE-2012-0428",
"lastModified": "2024-11-21T01:34:56.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-25T12:13:04.037",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027911"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-25 12:13
Modified
2024-11-21 01:34
Severity ?
Summary
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | 8.8.7.0 | |
| microfocus | edirectory | 8.8.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C70FFFF-161E-4A14-8F51-D734E0BF23D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F27E1A93-6999-4C2B-AE31-95C164C3CF1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en la implementaci\u00f3n de Novell NCP en NetIQ eDirectory v8.8.7.x ante v8.8.7.2 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de vectores desconocidos.\r\n"
}
],
"id": "CVE-2012-0432",
"lastModified": "2024-11-21T01:34:57.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-25T12:13:04.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-02 20:29
Modified
2024-11-21 03:31
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * | |
| netiq | edirectory | 8.8.8 | |
| netiq | edirectory | 8.8.8 | |
| netiq | edirectory | 8.8.8 | |
| netiq | edirectory | 8.8.8 | |
| netiq | edirectory | 8.8.8 | |
| netiq | edirectory | 8.8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F84A12FE-0920-45C3-BF8F-6B9D1030AE0D",
"versionEndIncluding": "8.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch10:*:*:*:*:*:*",
"matchCriteriaId": "B4F19781-7439-4D43-9FE7-6ACB4C154513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch5:*:*:*:*:*:*",
"matchCriteriaId": "B1FD6CA7-4B36-4835-8841-C964BCC98400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch6:*:*:*:*:*:*",
"matchCriteriaId": "92A0DBF5-B69E-49C5-8D70-137B27619AEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch7:*:*:*:*:*:*",
"matchCriteriaId": "EC21192D-9C4A-4841-861F-127AB1C5F9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch8:*:*:*:*:*:*",
"matchCriteriaId": "C60A8A5D-F154-4520-8CE1-2EC889484562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:8.8.8:patch9:*:*:*:*:*:*",
"matchCriteriaId": "4942CADE-A224-4929-91D8-AD0D82BE7341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
},
{
"lang": "es",
"value": "La subida de certificados en el plugin NetIQ eDirectory PKI, en versiones anteriores a 8.8.8 Patch 10 Hotfix 1, podr\u00eda aprovecharse para subir c\u00f3digo JSP que puede ser empleado por atacantes autenticados para ejecutar applets JSP en el servidor iManager."
}
],
"id": "CVE-2017-7429",
"lastModified": "2024-11-21T03:31:52.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:00.490",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-12 13:15
Modified
2024-09-19 14:24
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.4.0000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D52019-E10A-4F71-A99B-0EBF835CBAC0",
"versionEndExcluding": "9.2.4.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de posible inserci\u00f3n de informaci\u00f3n confidencial en un archivo de registro en eDirectory en OpenText\u2122 eDirectory 9.2.4.0000."
}
],
"id": "CVE-2021-22533",
"lastModified": "2024-09-19T14:24:18.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-12T13:15:09.137",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-12 14:29
Modified
2024-11-21 03:55
Severity ?
Summary
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E363AAE-7156-4501-A212-979F18D98588",
"versionEndExcluding": "9.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en eDirectory en versiones anteriores a la 9.1 SP2."
}
],
"id": "CVE-2018-17952",
"lastModified": "2024-11-21T03:55:16.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-12T14:29:00.430",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-09 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48528FE1-F14C-4F0D-859E-BDEFC8C49335",
"versionEndIncluding": "9.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n no validada en NetIQ eDirectory en versiones anteriores a la 9.1.1 HF1."
}
],
"id": "CVE-2018-7692",
"lastModified": "2024-11-21T04:12:33.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-09T21:29:00.477",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-12 13:15
Modified
2024-09-19 14:22
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Possible NLDAP Denial of Service attack Vulnerability
in eDirectory has been discovered in
OpenText™
eDirectory before 9.2.4.0000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D52019-E10A-4F71-A99B-0EBF835CBAC0",
"versionEndExcluding": "9.2.4.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000."
},
{
"lang": "es",
"value": "Se ha descubierto una posible vulnerabilidad de ataque de denegaci\u00f3n de servicio NLDAP en eDirectory en OpenText\u2122 eDirectory anterior a 9.2.4.0000."
}
],
"id": "CVE-2021-22532",
"lastModified": "2024-09-19T14:22:43.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-12T13:15:08.837",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-25 12:13
Modified
2024-11-21 01:34
Severity ?
Summary
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | 8.8.6.0 | |
| microfocus | edirectory | 8.8.6.1 | |
| microfocus | edirectory | 8.8.6.2 | |
| microfocus | edirectory | 8.8.6.3 | |
| microfocus | edirectory | 8.8.6.4 | |
| microfocus | edirectory | 8.8.6.5 | |
| microfocus | edirectory | 8.8.6.6 | |
| microfocus | edirectory | 8.8.7.0 | |
| microfocus | edirectory | 8.8.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "D3D3D42E-DDAB-44F0-85A4-A3953CB0EF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "21A19AA6-90CB-4867-8F40-20F45A38310E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "2CC85421-00FF-4359-9543-BB11D099AC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.3:-:*:*:*:windows:*:*",
"matchCriteriaId": "125E1837-0475-43DD-B3E8-42090CE7F2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.4:-:*:*:*:windows:*:*",
"matchCriteriaId": "46D6A35B-5324-48D6-AEF4-436E0D6CD3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.5:-:*:*:*:windows:*:*",
"matchCriteriaId": "33AAFD38-E68F-4A26-8469-6A9AA8C927F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.6:-:*:*:*:windows:*:*",
"matchCriteriaId": "9D005DC1-31D2-43B2-9B72-0FD9C42C0215",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "FE700759-5AFC-4584-9DBD-83D41BEDC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "EAE7E3C6-08E8-45D7-8F3F-2173C3A1D1B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a atacantes remotos obtener una cookie de administrador y omitir las comprobaciones de autorizaci\u00f3n a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2012-0430",
"lastModified": "2024-11-21T01:34:57.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-25T12:13:04.160",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027910"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-12 13:15
Modified
2024-09-18 21:05
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F14727F8-891A-4798-8A8B-F19EFE574D91",
"versionEndExcluding": "9.2.6.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
},
{
"lang": "es",
"value": "Se ha descubierto un posible ataque de interacci\u00f3n con servicios externos en eDirectory en OpenText\u2122 eDirectory. Esto afecta a todas las versiones anteriores a la 9.2.6.0000."
}
],
"id": "CVE-2021-38133",
"lastModified": "2024-09-18T21:05:17.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-12T13:15:10.327",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-12 13:15
Modified
2024-09-18 21:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "622BA2A7-2931-4FCD-938D-EE573BC2AEBA",
"versionEndExcluding": "9.2.5.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000."
},
{
"lang": "es",
"value": "Se ha descubierto una posible vulnerabilidad de Cross-site Scripting (XSS) en eDirectory en OpenText\u2122 eDirectory 9.2.5.0000."
}
],
"id": "CVE-2021-38131",
"lastModified": "2024-09-18T21:00:30.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-12T13:15:09.700",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-09 21:29
Modified
2024-11-21 04:12
Severity ?
Summary
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48528FE1-F14C-4F0D-859E-BDEFC8C49335",
"versionEndIncluding": "9.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
},
{
"lang": "es",
"value": "Vulnerabilidad de fuga de informaci\u00f3n en NetIQ eDirectory en versiones anteriores a la 9.1.1 HF1 debido al uso de memoria compartida."
}
],
"id": "CVE-2018-7686",
"lastModified": "2024-11-21T04:12:32.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-09T21:29:00.353",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-25 12:13
Modified
2024-11-21 01:34
Severity ?
Summary
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | 8.8.6.0 | |
| microfocus | edirectory | 8.8.6.1 | |
| microfocus | edirectory | 8.8.6.2 | |
| microfocus | edirectory | 8.8.6.3 | |
| microfocus | edirectory | 8.8.6.4 | |
| microfocus | edirectory | 8.8.6.5 | |
| microfocus | edirectory | 8.8.6.6 | |
| microfocus | edirectory | 8.8.7.0 | |
| microfocus | edirectory | 8.8.7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "D3D3D42E-DDAB-44F0-85A4-A3953CB0EF1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "21A19AA6-90CB-4867-8F40-20F45A38310E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.2:-:*:*:*:windows:*:*",
"matchCriteriaId": "2CC85421-00FF-4359-9543-BB11D099AC9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.3:-:*:*:*:windows:*:*",
"matchCriteriaId": "125E1837-0475-43DD-B3E8-42090CE7F2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.4:-:*:*:*:windows:*:*",
"matchCriteriaId": "46D6A35B-5324-48D6-AEF4-436E0D6CD3BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.5:-:*:*:*:windows:*:*",
"matchCriteriaId": "33AAFD38-E68F-4A26-8469-6A9AA8C927F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.6.6:-:*:*:*:windows:*:*",
"matchCriteriaId": "9D005DC1-31D2-43B2-9B72-0FD9C42C0215",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.0:-:*:*:*:windows:*:*",
"matchCriteriaId": "FE700759-5AFC-4584-9DBD-83D41BEDC85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:8.8.7.1:-:*:*:*:windows:*:*",
"matchCriteriaId": "EAE7E3C6-08E8-45D7-8F3F-2173C3A1D1B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
},
{
"lang": "es",
"value": "Dhost en NetIQ eDirectory v8.8.6.x antes de v8.8.6.7 y v8.8.7.x antes de v8.8.7.2 en Windows permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de caracteres extra\u00f1os en la solicitud HTTP.\r\n"
}
],
"id": "CVE-2012-0429",
"lastModified": "2024-11-21T01:34:57.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-25T12:13:04.113",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027912"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-12 13:15
Modified
2024-09-19 14:25
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Possible
Improper Neutralization of Input During Web Page Generation Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.3.0000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85C24DED-776F-4D2D-8AEF-C116717C4F59",
"versionEndExcluding": "9.2.3.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad que puede provocar una neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web en eDirectory en OpenText\u2122 eDirectory 9.2.3.0000."
}
],
"id": "CVE-2021-22503",
"lastModified": "2024-09-19T14:25:42.487",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-12T13:15:08.203",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-12 13:15
Modified
2024-09-18 21:04
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F14727F8-891A-4798-8A8B-F19EFE574D91",
"versionEndExcluding": "9.2.6.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
},
{
"lang": "es",
"value": "Se ha descubierto un posible ataque de interacci\u00f3n con servicios externos en eDirectory en OpenText\u2122 eDirectory. Esto afecta a todas las versiones anteriores a la 9.2.6.0000."
}
],
"id": "CVE-2021-38132",
"lastModified": "2024-09-18T21:04:11.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-12T13:15:10.050",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-02 20:29
Modified
2024-11-21 03:35
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * | |
| netiq | edirectory | 9.0 | |
| netiq | edirectory | 9.0 | |
| netiq | edirectory | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A43799B6-460B-4460-8220-B95A8598DCB4",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:9.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "747AA5D9-EB98-4612-8DED-ECC34715396A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:9.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8C2F19B5-AB42-44F9-A142-0DD7F982BF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netiq:edirectory:9.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "D1039C58-C75E-441C-910A-CF08F5AD7DD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
},
{
"lang": "es",
"value": "NetIQ eDirectory, en versiones anteriores a la 9.0 SP4, no impon\u00eda restricciones de inicio de sesi\u00f3n al emplear \"ebaclient\". Esto permit\u00eda el acceso no autorizado a los servicios de eDirectory."
}
],
"id": "CVE-2017-9285",
"lastModified": "2024-11-21T03:35:45.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-02T20:29:01.020",
"references": [
{
"source": "security@opentext.com",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
},
{
"source": "security@opentext.com",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-12 14:29
Modified
2024-11-21 03:55
Severity ?
Summary
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | edirectory | * | |
| microfocus | edirectory | 9.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:edirectory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5FC044F-E4B9-4027-AAA7-FCABACA1942E",
"versionEndIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:edirectory:9.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1B1B8DA6-7A9A-45D8-ADD4-449DEDD49BD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
},
{
"lang": "es",
"value": "Aplicaci\u00f3n incorrecta de las comprobaciones de autorizaci\u00f3n en eDirectory en versiones anteriores a la 9.1 SP2."
}
],
"id": "CVE-2018-17950",
"lastModified": "2024-11-21T03:55:16.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-12T14:29:00.383",
"references": [
{
"source": "security@opentext.com",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-17950
Vulnerability from cvelistv5
Published
2018-12-12 14:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory 9.1 SP2 |
Version: All versions prior to version 9.1 SP2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory 9.1 SP2",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 9.1 SP2"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-17950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory 9.1 SP2",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 9.1 SP2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17950",
"datePublished": "2018-12-12T14:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38131
Vulnerability from cvelistv5
Published
2024-09-12 12:42
Modified
2024-09-12 12:57
Severity ?
EPSS score ?
Summary
Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Version: 9.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:56.507059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:07.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.2.0",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eeDirectory 9.2.5.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Cross-Site Scripting (XSS) Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.5.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:42:36.704Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38131",
"datePublished": "2024-09-12T12:42:36.704Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T12:57:07.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38133
Vulnerability from cvelistv5
Published
2024-09-12 12:41
Modified
2024-09-12 12:58
Severity ?
EPSS score ?
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Version: 9.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:58:03.843046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:58:13.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.2.0",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
},
{
"capecId": "CAPEC-16",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-16 Dictionary-based Password Attack"
}
]
},
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
},
{
"capecId": "CAPEC-70",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-70 Try Common or Default Usernames and Passwords"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:41:46.807Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Improper authentication Vulnerability in OpenText eDirectory",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38133",
"datePublished": "2024-09-12T12:41:46.807Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T12:58:13.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9285
Vulnerability from cvelistv5
Published
2018-03-02 20:00
Modified
2024-09-17 00:25
Severity ?
EPSS score ?
Summary
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.novell.com/support/kb/doc.php?id=7016794 | x_refsource_CONFIRM | |
| https://bugzilla.suse.com/show_bug.cgi?id=1029077 | x_refsource_CONFIRM | |
| https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | eDirectory |
Version: unspecified < 9.0 SP4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "9.0 SP4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of access checks",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:35",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
],
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
},
"title": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-9285",
"STATE": "PUBLIC",
"TITLE": "Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "9.0 SP4"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when \"ebaclient\" was used, allowing unpermitted access to eDirectory services."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of access checks"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1029077",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1029077"
},
{
"name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"
}
]
},
"source": {
"defect": [
"1029077"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-9285",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-05-29T00:00:00",
"dateUpdated": "2024-09-17T00:25:58.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7692
Vulnerability from cvelistv5
Published
2018-08-09 21:00
Modified
2024-09-16 19:20
Severity ?
EPSS score ?
Summary
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory Versions prior to 9.1.1 HF1 |
Version: Versions prior to 9.1.1 HF1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1.1 HF1"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Redirection vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-7692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory Versions prior to 9.1.1 HF1",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1.1 HF1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Redirection vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7692",
"datePublished": "2018-08-09T21:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T19:20:45.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-17952
Vulnerability from cvelistv5
Published
2018-12-12 14:00
Modified
2024-08-05 11:01
Severity ?
EPSS score ?
Summary
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ eDirectory 9.1 SP2 |
Version: All versions prior to version 9.1 SP2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ eDirectory 9.1 SP2",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 9.1 SP2"
}
]
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2018-17952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ eDirectory 9.1 SP2",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 9.1 SP2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17952",
"datePublished": "2018-12-12T14:00:00",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-08-05T11:01:14.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0428
Vulnerability from cvelistv5
Published
2012-12-25 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027911 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/kb/doc.php?id=7011539 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=772899 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027911"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027911",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027911"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027911"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011539",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011539"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772899",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772899"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0428",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22533
Vulnerability from cvelistv5
Published
2024-09-12 12:43
Modified
2024-09-12 13:06
Severity ?
EPSS score ?
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.4.0000.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Version: 9.2.4.0000 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edirectory",
"vendor": "opentext",
"versions": [
{
"lessThan": "9.2.4.0000",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:49.548870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:06:12.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.4.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.4.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
},
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:43:51.734Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible Insertion of Sensitive Information into Log File Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22533",
"datePublished": "2024-09-12T12:43:51.734Z",
"dateReserved": "2021-01-05T18:14:04.352Z",
"dateUpdated": "2024-09-12T13:06:12.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22503
Vulnerability from cvelistv5
Published
2024-09-12 12:44
Modified
2024-09-12 12:57
Severity ?
EPSS score ?
Summary
Possible
Improper Neutralization of Input During Web Page Generation Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.3.0000.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Version: 9.2.3.0000 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:14.643731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:21.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.3.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory \u003c/strong\u003e\u003cstrong\u003e9.2.3.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nImproper Neutralization of Input During Web Page Generation Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory 9.2.3.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:44:45.771Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Input During Web Page Generation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22503",
"datePublished": "2024-09-12T12:44:45.771Z",
"dateReserved": "2021-01-05T18:14:04.348Z",
"dateUpdated": "2024-09-12T12:57:21.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38132
Vulnerability from cvelistv5
Published
2024-09-12 12:42
Modified
2024-09-12 13:05
Severity ?
EPSS score ?
Summary
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Version: 9.1.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:edirectory:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "edirectory",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.1.2",
"versionType": "rpm"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:57:47.963127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T13:05:51.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "9.2.5.0000",
"status": "affected",
"version": "9.1.2",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u0026nbsp;\u003c/strong\u003e\u003cstrong\u003e9.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible \nExternal Service Interaction attack\n\nin eDirectory has been discovered in\nOpenText\u2122 eDirectory. This impact all version before\u00a09.2.6.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:42:19.675Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory926_releasenotes/data/edirectory926_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible External service interaction Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-38132",
"datePublished": "2024-09-12T12:42:19.675Z",
"dateReserved": "2021-08-04T20:57:01.491Z",
"dateUpdated": "2024-09-12T13:05:51.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7686
Vulnerability from cvelistv5
Published
2018-08-09 21:00
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | eDirectory (ZDI) |
Version: Versions prior to 9.1.1 HF1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory (ZDI)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1.1 HF1"
}
]
}
],
"datePublic": "2018-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-7686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory (ZDI)",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1.1 HF1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html",
"refsource": "MISC",
"url": "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7686",
"datePublished": "2018-08-09T21:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T03:43:00.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0430
Vulnerability from cvelistv5
Published
2012-12-25 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=7011538 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1027910 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=772898 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:31.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011538",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027910"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772898",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0430",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:31.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0432
Vulnerability from cvelistv5
Published
2012-12-25 11:00
Modified
2024-09-16 19:00
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=785272 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-25T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=785272",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=785272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0432",
"datePublished": "2012-12-25T11:00:00Z",
"dateReserved": "2012-01-09T00:00:00Z",
"dateUpdated": "2024-09-16T19:00:30.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0429
Vulnerability from cvelistv5
Published
2012-12-25 11:00
Modified
2024-08-06 18:23
Severity ?
EPSS score ?
Summary
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1027912 | vdb-entry, x_refsource_SECTRACK | |
| http://www.novell.com/support/kb/doc.php?id=7011533 | x_refsource_CONFIRM | |
| https://bugzilla.novell.com/show_bug.cgi?id=772895 | x_refsource_CONFIRM | |
| http://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:30.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027912",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-14T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1027912",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027912",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027912"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011533",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772895",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0429",
"datePublished": "2012-12-25T11:00:00",
"dateReserved": "2012-01-09T00:00:00",
"dateUpdated": "2024-08-06T18:23:30.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7429
Vulnerability from cvelistv5
Published
2018-03-02 20:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1024957 | x_refsource_CONFIRM | |
| https://www.novell.com/support/kb/doc.php?id=3426981 | x_refsource_CONFIRM | |
| https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ | eDirectory |
Version: unspecified < 8.8.8 Patch 10 HF1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eDirectory",
"vendor": "NetIQ",
"versions": [
{
"lessThan": "8.8.8 Patch 10 HF1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH"
}
],
"datePublic": "2017-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
],
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
},
"title": "Fix for NetIQ shell code upload",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-7429",
"STATE": "PUBLIC",
"TITLE": "Fix for NetIQ shell code upload"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "8.8.8 Patch 10 HF1"
}
]
}
}
]
},
"vendor_name": "NetIQ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
]
},
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-7429",
"datePublished": "2018-03-02T20:00:00Z",
"dateReserved": "2017-04-05T00:00:00",
"dateUpdated": "2024-09-16T23:35:59.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22532
Vulnerability from cvelistv5
Published
2024-09-12 12:44
Modified
2024-09-12 12:57
Severity ?
EPSS score ?
Summary
Possible NLDAP Denial of Service attack Vulnerability
in eDirectory has been discovered in
OpenText™
eDirectory before 9.2.4.0000.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | eDirectory |
Version: 9.2.4.0000 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T12:56:39.146836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:57:35.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "eDirectory",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c",
"status": "affected",
"version": "9.2.4.0000",
"versionType": "rpm, exe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cstrong\u003ePossible\u0026nbsp;NLDAP Denial of Service attack Vulnerability\n\nin eDirectory \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eeDirectory before 9.2.4.0000\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
}
],
"value": "Possible\u00a0NLDAP Denial of Service attack Vulnerability\n\nin eDirectory has been discovered in\nOpenText\u2122 \neDirectory before 9.2.4.0000."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
},
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T12:44:20.724Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NLDAP Denial of Service attack Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2021-22532",
"datePublished": "2024-09-12T12:44:20.724Z",
"dateReserved": "2021-01-05T18:14:04.352Z",
"dateUpdated": "2024-09-12T12:57:35.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}