PT-2017-8765 · Netiq · Netiq Access Manager
Publicado
2017-03-23
·
Atualizado
2017-03-24
·
CVE-2016-5756
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NetIQ Access Manager versions 4.1 through 4.1.2 before Hot Fix 1
NetIQ Access Manager versions 4.2 through 4.2.2
Description
The issue allows for Reflected Cross Site Scripting attacks, which could be used to hijack user sessions. The affected API endpoints include "nps/servlet/frameservice", "nps/servlet/webacc", "roma/admin/cntl", "roma/jsp/admin/appliance/devicedetail edit.jsp", "roma/jsp/admin/managementip/mgmt ip details frameset.jsp", "roma/jsp/admin/managementip/mgmt ip details middleframe.jsp", "roma/jsp/volsc/monitoring/appliance.jsp", and "roma/jsp/volsc/monitoring/graph.jsp".
Recommendations
For NetIQ Access Manager versions 4.1 through 4.1.2 before Hot Fix 1, update to version 4.1.2 Hot Fix 1 to resolve the issue.
For NetIQ Access Manager versions 4.2 through 4.2.2, update to version 4.2.2 to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netiq Access Manager