CVE-2014-5215

Name of the Vulnerable Software and Affected Versions NetIQ Access Manager (NAM) versions 4.0.0 through 4.0.1 before HF3

Description The issue allows remote authenticated administrators to discover service-account passwords. This can be achieved by sending a request to API endpoints such as "roma/jsp/volsc/monitoring/dev services.jsp" or "roma/jsp/debug/debug.jsp".

Recommendations For versions 4.0.0 through 4.0.1 before HF3, update to version 4.0.1 HF3 to resolve the issue.