Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Novell eDirectory

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2016-5747
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.33% / 54.92%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 06:36
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.

Action-Not Available
Vendor-n/aNovell
Product-edirectoryNovell eDirectory
CWE ID-CWE-284
Improper Access Control
CVE-2016-9167
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.87%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 06:36
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.

Action-Not Available
Vendor-n/aNovell
Product-edirectoryNovell eDirectory
CVE-2016-9168
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.43%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 06:36
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking.

Action-Not Available
Vendor-n/aNovell
Product-edirectoryNovell eDirectory
CWE ID-CWE-20
Improper Input Validation