Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

NetIQ — Vulnerabilities & Security Advisories 34

Browse all 34 CVE security advisories affecting NetIQ. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NetIQ operates primarily as an identity and access management (IAM) provider, offering solutions for directory services, authentication, and policy enforcement. Its software portfolio, including Identity Manager and Access Manager, has historically been associated with several critical vulnerability classes, notably remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from improper input validation or insecure default configurations within its web-based administrative interfaces. While specific major public breaches directly attributed to NetIQ are less documented compared to broader industry incidents, the presence of 34 recorded CVEs indicates a persistent attack surface requiring rigorous patch management. Security assessments frequently highlight the importance of securing these IAM components, as compromised identity services can lead to widespread unauthorized access across enterprise networks.

Top products by NetIQ: Identity Manager Access Manager iManager eDirectory Privileged Account Manager NetIQ Access Manager (NAM) Admin Console Identity Manager Plug-ins Identity Reporting Identity Manager Oracle EBS driver Identity Manager Applications IDM - Identity Applications
CVE IDTitleCVSSSeverityPublished
CVE-2016-1600 Micro Focus NetIQ Identity Manager ServiceNow驱动程序信息泄露漏洞 — Identity Manager 7.5 -2019-05-09
CVE-2018-12462 NetIQ iManager XSS vulnerabilities — iManager 6.1 -2018-07-10
CVE-2018-12461 Certificate Revocation Check failure — eDirectory 9.1 -2018-07-10
CVE-2017-9284 IDM 4.6 Identity Applications information leakage — IDM - Identity Applications 7.5 -2018-04-26
CVE-2017-9275 NetIQ Identity Reporting XSS exposure — Identity Reporting 6.1 -2018-04-26
CVE-2018-7676 IDM Information Leakage — Identity Manager 5.9 -2018-03-28
CVE-2018-7674 IDM URL Redirection attack — Identity Manager 6.1 -2018-03-28
CVE-2018-7673 NetIQ Identity Manager DoS Attack — Identity Manager 7.5 -2018-03-26
CVE-2018-1350 NetIQ Identity Manager Driver Component Information Leakage — Identity Manager 5.3 -2018-03-26
CVE-2018-1349 NetIQ Identity Manager Driver Component Log File Information Leakage — Identity Manager 4.3 -2018-03-26
CVE-2018-1348 NetIQ Identity Manager SSL Renegotiation — Identity Manager 7.4 -2018-03-26
CVE-2018-1347 NetIQ iManager, versions prior to 3.1, reflected XSS issue — iManager 6.1 -2018-03-21
CVE-2018-1344 NetIQ iManager Communication Downgrade Attack — iManager 5.8 -2018-03-21
CVE-2018-1345 iManager elevation of privilege — iManager 8.8 -2018-03-21
CVE-2018-1346 NetIQ eDirectory Denial of Service — eDirectory 7.5 -2018-03-21
CVE-2018-7677 CSRF in NetIQ Access Manager (NAM) Identity Server component — NetIQ Access Manager (NAM) Admin Console 8.8 -2018-03-14
CVE-2018-7678 XSS vulnerability in NetIQ Access Manager (NAM) Admin Console component — NetIQ Access Manager (NAM) Admin Console 4.8 -2018-03-14
CVE-2017-7437 Cross site scripting attacks against NetIQ Privileged Account Manager — Privileged Account Manager 6.1 -2018-03-05
CVE-2017-7427 iManager - Multiple Reflected Cross-Site Scripting attacks — Identity Manager 6.1 -2018-03-05
CVE-2017-9280 Novell Identity Manager User Application get request url contains the session token. — Identity Manager Applications 8.1 -2018-03-02
CVE-2017-9285 Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface — eDirectory 9.1 -2018-03-02
CVE-2017-9279 NetIQ Identity Manager allowed uploading of user icons with incorrect types or extensions — Identity Manager 7.2 -2018-03-02
CVE-2017-9278 Avoid password disclosure via EBS event logging in the iManager Oracle driver — Identity Manager Oracle EBS driver 8.8 -2018-03-02
CVE-2017-9276 XSS Vulnerability in iManager — Access ManagerCWE-79 6.1 -2018-03-02
CVE-2017-7438 DOM cross site scripting attack against NetIQ Privileged Account Manager — Privileged Account Manager 6.1 -2018-03-02
CVE-2017-7434 NetIQ Identity Manager JDBC driver could leak passwords in exception traces — Identity Manager 9.8 -2018-03-02
CVE-2017-7429 Fix for NetIQ shell code upload — eDirectoryCWE-434 8.8 -2018-03-02
CVE-2017-7419 NetIQ Access Manager OAuth Consent screen XSS attack — Access Manager 6.1 -2018-03-02
CVE-2017-5189 private SSL key embedded in JAR file in iManager — iManager 9.1 -2018-03-02
CVE-2017-14802 Unvalidated Redirect in NetIQ Access Manager after upgrading to NAM 4.3 AC and IDP URLs — Access Manager 6.1 -2018-03-02

This page lists every published CVE security advisory associated with NetIQ. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.