CVE-2014-5214

Name of the Vulnerable Software and Affected Versions NetIQ Access Manager (NAM) versions 4.0.0 through 4.0.1 before HF3

Description The issue allows remote authenticated users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs in the nps/servlet/webacc component of the Administration Console server in NetIQ Access Manager.

Recommendations For NetIQ Access Manager (NAM) versions 4.0.0 through 4.0.1 before HF3, update to version 4.0.1 HF3 or later to resolve the issue. As a temporary workaround, consider restricting access to the nps/servlet/webacc component to minimize the risk of exploitation.