An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 prior to 4.1.2 HF1 and 4.2 prior to 4.2.2 could be used to trigger XSS and leak authentication credentials.
Vulnerable Product |
---|
netiq access manager 4.1 |
netiq access manager 4.2 |