PT-2018-5721 · Netiq · Netiq Access Manager

Published

2018-03-01

Updated

2019-10-09

CVE-2017-14800

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: NetIQ Access Manager versions prior to 4.3.3

Description: A reflected cross-site scripting attack could allow code injection into pages of authenticated users. This issue is related to the use of the typecontainerid parameter in the policy editor.

Recommendations: For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the policy editor to minimize the risk of exploitation. Avoid using the typecontainerid parameter in the affected policy editor until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-14800

Affected Products

Netiq Access Manager

PT-2018-5721 · Netiq · Netiq Access Manager

CVE-2017-14800

Weakness Enumeration

Related Identifiers

Affected Products

References · 3