NetIQ Access Manager 4.1 prior to 4.1.2 HF 1 and 4.2 prior to 4.2.2 parsed incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
Vulnerable Product |
---|
NetIQ Access Manager 4.1 |
NetIQ Access Manager 4.2 |