CVE-2016-5751: XSS
First published: Thu Mar 23 2017(Updated: )
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetIQ Access Manager | =4.1 | |
| NetIQ Access Manager | =4.1-sp1 | |
| NetIQ Access Manager | =4.1-sp2 | |
| NetIQ Access Manager | =4.2 | |
| NetIQ Access Manager | =4.2-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/type
- agent/description
- agent/author
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/netiq
- canonical/netiq access manager
- version/netiq access manager/4.1
- version/netiq access manager/4.1-sp1
- version/netiq access manager/4.1-sp2
- version/netiq access manager/4.2
- version/netiq access manager/4.2-sp1