CVE-2009-4879

critical

Description

The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.

References

http://www.securitytracker.com/id?1022581

http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html

Details

Source: Mitre, NVD

Published: 2010-05-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00096

Detections

Analytics