NetIQ Access Manager (NAM) 4.x prior to 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microfocus access manager 4.0.1 |
||
microfocus access manager 4.0 |