CVE-2017-14800

Name of the Vulnerable Software and Affected Versions: NetIQ Access Manager versions prior to 4.3.3

Description: A reflected cross-site scripting attack could allow code injection into pages of authenticated users. This issue is related to the use of the typecontainerid parameter in the policy editor.

Recommendations: For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the policy editor to minimize the risk of exploitation. Avoid using the typecontainerid parameter in the affected policy editor until the issue is resolved.