Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Access Manager | 4.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSR (Exploit)
- http://seclists.org/fulldisclosure/2014/Dec/78 (Exploit)
- https://www.novell.com/support/kb/doc.php?id=7015997 (Exploit, Vendor Advisory)
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218- (Exploit)
FAQ
What is CVE-2014-5217?
CVE-2014-5217 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentica...
How severe is CVE-2014-5217?
CVE-2014-5217 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-5217?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Access Manager.