PT-2017-8761 · Netiq · Netiq Access Manager

Published 2017-03-23 · Updated 2017-03-24 · CVE-2016-5751

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
NetIQ Access Manager versions 4.1 through 4.1.2 before HF1
NetIQ Access Manager versions 4.2.x before 4.2.2 (4.2.2 is the fixed release)
Description The SAML processing feature of Identity Server does not filter the finalizer target URL. An attacker who gets a user to follow a crafted link (the CVSS vector requires user interaction) can use the unfiltered URL to trigger reflected cross-site scripting (XSS) in the Identity Server context and to leak authentication credentials.
Recommendations For NetIQ Access Manager versions 4.1 through 4.1.2 before HF1, update to version 4.1.2 HF1 or later. For NetIQ Access Manager versions 4.2 through 4.2.2, update to version 4.2.2 or later.
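The description above names an unfiltered target URL as the root cause. What follows is an added, generic illustration of that bug class; it is not NetIQ's code and makes no claim about how Identity Server actually processes its finalizer URL. It shows a target URL rendered into a page with neither validation nor output encoding, beside a hardened version that restricts the scheme and host to an assumed allow-list and HTML-escapes the value on output. The parameter name `target`, the host `sp.example.com` and all sample inputs are constructed for the example.

```python
"""Generic illustration of an unfiltered "target URL" parameter (added example).

This is NOT NetIQ code and models nothing specific about Access Manager's
finalizer URL handling; the name `target`, the allow-list and the inputs
below are assumptions constructed for the example.
"""
import html
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample inputs: one benign target and three hostile ones.
BENIGN = "https://sp.example.com/app/home"
SCRIPT_URL = "javascript:alert(document.cookie)"                 # runs script when followed
INJECTED = 'https://sp.example.com/"><script>alert(1)</script>'  # breaks out of the href
OFFSITE = "https://evil.test/collect"                            # receives whatever is appended

# Assumed allow-list of service-provider hosts the IdP may send users back to.
ALLOWED_HOSTS = {"sp.example.com"}


def render_vulnerable(target: str) -> str:
    """'Before': the target is dropped into the page verbatim.

    INJECTED closes the href attribute and injects a <script> element;
    SCRIPT_URL runs in the page's origin when the link is followed; OFFSITE
    sends the user (and any token appended to the URL) to an attacker host.
    """
    return f'<a href="{target}">Continue</a>'


def validate_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> Optional[str]:
    """Return the target only if it is an absolute https URL to an allowed host.

    urlsplit lower-cases the scheme and the hostname property, so case tricks
    such as "JAVASCRIPT:" or "SP.EXAMPLE.COM" do not bypass the checks.
    """
    parts = urlsplit(target)
    if parts.scheme != "https":           # rejects javascript:, data:, http:, scheme-relative "//"
        return None
    if parts.hostname not in allowed_hosts:
        return None
    if parts.username or parts.password:  # rejects https://sp.example.com@evil.test/ confusion
        return None
    return target


def render_hardened(target: str) -> str:
    """'After': validate the URL, then HTML-escape it on output.

    Both steps are needed: INJECTED passes the host check (its hostname is
    legitimate) and is only defused by output encoding, while OFFSITE is
    well-formed HTML and is only stopped by the allow-list.
    """
    safe = validate_target(target)
    if safe is None:
        return "<p>Invalid target.</p>"
    return f'<a href="{html.escape(safe, quote=True)}">Continue</a>'


if __name__ == "__main__":
    for url in (BENIGN, SCRIPT_URL, INJECTED, OFFSITE):
        print("vulnerable:", render_vulnerable(url))
        print("hardened:  ", render_hardened(url))
```

The two checks address the two impacts the advisory lists separately: output encoding stops script injection into the Identity Server origin, and the host allow-list stops the user (and any credential or token carried in the URL) from being sent to an attacker-controlled destination. Validation alone is not enough, since a URL with an allowed host can still carry attribute-breaking characters in its path.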

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2016-5751

Affected Products: Netiq Access Manager