CVE-2009-4879

Novell Access Manager < 3.1 - Authentication Bypass

Title source: rule

Description

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

References (2)

[Vendor Advisory] http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022581

Scores

EPSS 0.0010

EPSS Percentile 26.5%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

novell/access_manager < 3.1

novell/access_manager

Timeline

Published May 26, 2010

Tracked Since Feb 18, 2026