Published: 23/12/2014 Updated: 09/04/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microfocus access manager 4.0
microfocus access manager 4.0.1

NetIQ Access Manager version 40 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities ...

NVD-CWE-Other http://seclists.org/fulldisclosure/2014/Dec/78 http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html https://www.novell.com/support/kb/doc.php?id=7015993 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt https://nvd.nist.gov https://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-5214

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect