CVE-2016-5751

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.2:*:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.2:sp1:*:*:*:*:*:*

History

21 Nov 2024, 02:54

Type Values Removed Values Added
References () https://www.novell.com/support/kb/doc.php?id=7017808 - () https://www.novell.com/support/kb/doc.php?id=7017808 -

07 Nov 2023, 02:33

Type Values Removed Values Added
References (CONFIRM) https://www.novell.com/support/kb/doc.php?id=7017808 - Exploit, Third Party Advisory () https://www.novell.com/support/kb/doc.php?id=7017808 -

Information

Published : 2017-03-23 06:59

Updated : 2024-11-21 02:54


NVD link : CVE-2016-5751

Mitre link : CVE-2016-5751

CVE.ORG link : CVE-2016-5751


JSON object : View

Products Affected

netiq

  • access_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')