Novell: >> Access Manager >> 3 Security Vulnerabilities
Unspecified vulnerability in the Administration Console in Novell Access Manager before 3.1 SP1 allows attackers to access system files via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.008
Published
2010-05-26
The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.
CVSS Score
4.3
EPSS Score
0.001
Published
2010-05-26
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
CVSS Score
1.9
EPSS Score
0.001
Published
2009-04-14
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
CVSS Score
7.5
EPSS Score
0.002
Published
2007-07-05
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
CVSS Score
9.0
EPSS Score
0.005
Published
2007-03-07