CVE-2014-5217

Name of the Vulnerable Software and Affected Versions NetIQ Access Manager (NAM) versions 4.0 through 4.1

Description A cross-site request forgery (CSRF) issue exists in the Administration Console server, specifically in the nps/servlet/webacc component. This allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

Recommendations For NetIQ Access Manager (NAM) versions 4.0 through 4.1, update to version 4.1 or later to resolve the issue.