Lucene search

K
cve[email protected]CVE-2014-5214
HistoryDec 23, 2014 - 11:59 a.m.

CVE-2014-5214

2014-12-2311:59:00
NVD-CWE-Other
web.nvd.nist.gov
24
2
netiq access manager
nam
xml external entity
xxe
security vulnerability
cve-2014-5214
nvd

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.1%

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Social References

More

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.1%