Security Alerts - Access Manager (NAM)

Key:

  •  Security Alert

CVE-2020-1938: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (7024539)
6-Apr-2020 Support KB Article (TID)

API's data during scope creation is not getting validated due to XSS (CVE-2019-11659) (7024155)
3-Oct-2019 Support KB Article (TID)

Java Deserialization Vulnerability in Persistence Auth Class (CVE-2019-11672) (7024156)
1-Oct-2019 Support KB Article (TID)

XSS Vulnerability with register_client.jsp (CVE-2019-11673) (7024157)
1-Oct-2019 Support KB Article (TID)

NetIQ Access Manager Cross-site request forgery vulnerablity reported againt IDP login page (CVE-2018-7677) (7022725)
30-Aug-2019 Support KB Article (TID)

Cross-site scripting vulnerability with Identity Server endpoints (CVE-2018-12480) (7023513)
12-Nov-2018 Support KB Article (TID)

Access Manager Identity Server and SAML vulnerability CVE-2018-0486 and Cert Vulnerability Note VU#475445 (7022691)
4-Apr-2018 Support KB Article (TID)

XSS vulnerability in Admin Console (CVE-2018-7678) (7022724)
4-Apr-2018 Support KB Article (TID)

Security vulnerability with Identity Server allows remote code execution on system - CVE-2017-14803 and ZDI—CAN-5087 (7022443)
12-Mar-2018 Support KB Article (TID)

Access Manager and Meltdown / Spectre vulnerabilities (CVE-2017-5754, CVE-2017-5715 and CVE-2017-5753) (7022531)
12-Mar-2018 Support KB Article (TID)

OpenSSL 1.0.2n updates for NetIQ Access Manager (7022464)
12-Mar-2018 Support KB Article (TID)

Is NAM vulnerable to Apache Tomcat RCE if readonly set to false (CVE-2017-12617) (7022154)
12-Mar-2018 Support KB Article (TID)

Unrestricted File Upload Remote Code Execution Vulnerability in Admin Console (CVE-2018-1342/ZDI-CAN-5088) (7022444)
12-Mar-2018 Support KB Article (TID)