PT-2017-8759 · Netiq · Netiq Access Manager

Published: 2017-03-23 · Updated: 2017-03-24 · CVE-2016-5749

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

NetIQ Access Manager versions 4.1 through 4.1.2 before HF 1
NetIQ Access Manager versions 4.2 through 4.2.2

Description

The issue allows for local file disclosure via an XML External Entity (XXE) attack due to the parsing of incoming SAML requests with external entity resolution enabled.

Recommendations

For NetIQ Access Manager versions 4.1 through 4.1.2 before HF 1, update to version 4.1.2 HF 1 or later.
For NetIQ Access Manager versions 4.2 through 4.2.2, update to version 4.2.2 or later.

Exploit

Fix

XXE

Weakness Enumeration

Related identifiers

CVE-2016-5749

Affected products

Netiq Access Manager