Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2014-5217
Last Modified: 23 Dec 2014 02:10:00
Published: 23 Dec 2014 06:59:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

Summary

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

Vulnerable Systems

Application

  • NetIQ Access Manager 4.0
  • NetIQ Access Manager 4.0.1

References

MISC - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt

CONFIRM - https://www.novell.com/support/kb/doc.php?id=7015997

FULLDISC - 20141218 SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

MISC - http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html


Last Updated: 27 May 2016 11:07:20