CVE-2016-5756

Name of the Vulnerable Software and Affected Versions NetIQ Access Manager versions 4.1 through 4.1.2 before Hot Fix 1 NetIQ Access Manager versions 4.2 through 4.2.2

Description The issue allows for Reflected Cross Site Scripting attacks, which could be used to hijack user sessions. The affected API endpoints include "nps/servlet/frameservice", "nps/servlet/webacc", "roma/admin/cntl", "roma/jsp/admin/appliance/devicedetail edit.jsp", "roma/jsp/admin/managementip/mgmt ip details frameset.jsp", "roma/jsp/admin/managementip/mgmt ip details middleframe.jsp", "roma/jsp/volsc/monitoring/appliance.jsp", and "roma/jsp/volsc/monitoring/graph.jsp".

Recommendations For NetIQ Access Manager versions 4.1 through 4.1.2 before Hot Fix 1, update to version 4.1.2 Hot Fix 1 to resolve the issue. For NetIQ Access Manager versions 4.2 through 4.2.2, update to version 4.2.2 to resolve the issue.