CVE-2017-14803

Name of the Vulnerable Software and Affected Versions NetIQ Access Manager versions 4.3 through 4.4

Description The issue is related to a bug in the Identity Server component of NetIQ Access Manager when accessing a basic SSO connector and downloading the BasicSSO connector plugins, particularly on IE11, allowing an attacker to execute arbitrary code on the system. It is also associated with errors in handling registration data when processing the fileinfo1 parameter in the downloadBasicSSOServlet component, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For NetIQ Access Manager versions 4.3 and 4.4, consider restricting access to the downloadBasicSSOServlet component until a patch is available. As a temporary workaround, avoid using the fileinfo1 parameter in the affected servlet to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.