Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-4879

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 May, 2010 | 18:00
Updated At-16 Sep, 2024 | 16:18
Rejected At-
Credits

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 May, 2010 | 18:00
Updated At:16 Sep, 2024 | 16:18
Rejected At:
▼CVE Numbering Authority (CNA)

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1022581
vdb-entry
x_refsource_SECTRACK
http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1022581
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id?1022581
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022581
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 May, 2010 | 18:30
Updated At:11 Apr, 2025 | 00:51

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Novell
novell
>>access_manager>>Versions up to 3.1(inclusive)
cpe:2.3:a:novell:access_manager:*:*:*:*:*:*:*:*
Novell
novell
>>access_manager>>3
cpe:2.3:a:novell:access_manager:3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.htmlcve@mitre.org
N/A
http://www.securitytracker.com/id?1022581cve@mitre.org
N/A
http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1022581af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1022581
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1022581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

110Records found
CVE-2012-0944
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.83%
||
7 Day CHG~0.00%
Published-04 Jun, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Action-Not Available
Vendor-sebastian_heinleinn/aCanonical Ltd.
Product-aptdaemonubuntu_linuxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-5253
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.47%
||
7 Day CHG~0.00%
Published-12 Jan, 2013 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to login as an arbitrary user by supplying an authorization header.

Action-Not Available
Vendor-thegrn/a
Product-dln/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-10150
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.30% / 53.11%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:42
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the resulting build output.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformatomic-openshift
CWE ID-CWE-287
Improper Authentication
CVE-2018-9080
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.9||MEDIUM
EPSS-0.19% / 41.72%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 20:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Iomega and LenovoEMC NAS Web UI Vulnerabilities

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.

Action-Not Available
Vendor-Lenovo Group Limited
Product-px4-300r_firmwarestorcenter_px12-400rstorcenter_px2-300dpx4-400rstorcenter_ix4-300dpx4-300dstorcenter_px12-450r_firmwarepx6-300d_firmwarepx4-300d_firmwarepx4-300rix2ix4-300d_firmwarepx2-300dix4-300dstorcenter_px4-300d_firmwarepx4-400r_firmwareez_media_\&_backup_center_firmwarepx12-450rstorcenter_px2-300d_firmwarestorcenter_ix2storcenter_px4-300rpx2-300d_firmwareix2_firmwarepx6-300dstorcenter_ix4-300d_firmwarestorcenter_ix2-dl_firmwarestorcenter_px12-400r_firmwarestorcenter_px4-300r_firmwarepx4-400dstorcenter_ix2-dlstorcenter_px6-300dpx4-400d_firmwarestorcenter_px12-450rstorcenter_px6-300d_firmwarestorcenter_px4-300dpx12-400r_firmwareez_media_\&_backup_centerpx12-400rpx12-450r_firmwarestorcenter_ix2_firmwareLenovoEMCEZ Media and Backup CenterIomega StorCenter
CWE ID-CWE-287
Improper Authentication
CVE-2018-16738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.38% / 58.66%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 00:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.

Action-Not Available
Vendor-starwindsoftwaretinc-vpnn/aDebian GNU/Linux
Product-debian_linuxtincstarwind_virtual_sann/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-12225
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.82%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_lan_management_solutionCisco Prime LAN Management Solution
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-384
Session Fixation
CVE-2018-16465
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.00%
||
7 Day CHG~0.00%
Published-30 Oct, 2018 | 21:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

Action-Not Available
Vendor-n/aNextcloud GmbH
Product-nextcloud_serverNextcloud Server
CWE ID-CWE-287
Improper Authentication
CVE-2018-12399
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.90%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxFirefox
CWE ID-CWE-287
Improper Authentication
CVE-2017-7937
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4||MEDIUM
EPSS-0.15% / 36.54%
||
7 Day CHG~0.00%
Published-19 May, 2017 | 02:43
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.

Action-Not Available
Vendor-phoenix_contact_gmbhn/a
Product-mguard_firmwaremguardPhoenix Contact GmbH mGuard
CWE ID-CWE-287
Improper Authentication
CVE-2017-1520
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.20% / 42.15%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kerneldb2_connectdb2windowsDB2 for Linux, UNIX and Windows
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found