Back to search
CVE-2014-5216
Published: Dec 23, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20141218 SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager
mailing-list
x_refsource_FULLDISC
https://www.novell.com/support/kb/doc.php?id=7015996
x_refsource_CONFIRM
https://www.novell.com/support/kb/doc.php?id=7015994
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now