Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Access Manager | 4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRExploit
- http://seclists.org/fulldisclosure/2014/Dec/78Exploit
- https://www.novell.com/support/kb/doc.php?id=7015994ExploitVendor Advisory
- https://www.novell.com/support/kb/doc.php?id=7015996ExploitVendor Advisory
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-Exploit
- http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRExploit
- http://seclists.org/fulldisclosure/2014/Dec/78Exploit
- https://www.novell.com/support/kb/doc.php?id=7015994ExploitVendor Advisory
- https://www.novell.com/support/kb/doc.php?id=7015996ExploitVendor Advisory
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-Exploit
FAQ
What is CVE-2014-5216?
CVE-2014-5216 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a...
How severe is CVE-2014-5216?
CVE-2014-5216 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5216?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Access Manager.