Search Results (17 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-25675 3 Arcasolutions, Edirectory, Microfocus 3 Edirectory, Edirectory, Edirectory 2026-07-15 8.2 High
eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection to authenticate as administrator, then leverage authenticated file disclosure vulnerabilities in language_file.php to read arbitrary PHP files from the server.
CVE-2012-0428 1 Microfocus 1 Edirectory 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0429 1 Microfocus 1 Edirectory 2025-04-11 N/A
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
CVE-2012-0430 1 Microfocus 1 Edirectory 2025-04-11 N/A
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
CVE-2012-0432 1 Microfocus 1 Edirectory 2025-04-11 N/A
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2018-7692 1 Microfocus 1 Edirectory 2024-11-21 N/A
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
CVE-2018-7686 1 Microfocus 1 Edirectory 2024-11-21 N/A
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVE-2018-17952 1 Microfocus 1 Edirectory 2024-11-21 N/A
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
CVE-2018-17950 1 Microfocus 1 Edirectory 2024-11-21 N/A
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
CVE-2017-9285 2 Microfocus, Netiq 2 Edirectory, Edirectory 2024-11-21 N/A
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
CVE-2017-7429 2 Microfocus, Netiq 2 Edirectory, Edirectory 2024-11-21 N/A
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
CVE-2021-22503 1 Microfocus 1 Edirectory 2024-09-19 5.4 Medium
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.
CVE-2021-22533 2 Microfocus, Opentext 2 Edirectory, Edirectory 2024-09-19 6.5 Medium
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
CVE-2021-22532 1 Microfocus 1 Edirectory 2024-09-19 7.6 High
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.
CVE-2021-38133 1 Microfocus 1 Edirectory 2024-09-18 7.4 High
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVE-2021-38132 2 Microfocus, Opentext 2 Edirectory, Edirectory 2024-09-18 5.3 Medium
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVE-2021-38131 1 Microfocus 1 Edirectory 2024-09-18 5.4 Medium
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.