Known Vulnerabilities
CVE-2017-7429
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
HIGH
CVSS 8.8
Published Mar 02, 2018
CVE-2017-9285
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
MEDIUM
CVSS 5.4
Published Mar 02, 2018