Lucene search

[email protected]CVE-2014-5217

HistoryDec 23, 2014 - 11:59 a.m.

CVE-2014-5217

2014-12-2311:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-5217

csrf

vulnerability

netiq access manager

nam

administration console

remote attackers

hijack

authentication

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

CPENameOperatorVersion
microfocus:access_managermicrofocus access managereq4.0
microfocus:access_managermicrofocus access managereq4.0.1

CPE	Name	Operator	Version
microfocus:access_manager	microfocus access manager	eq	4.0
microfocus:access_manager	microfocus access manager	eq	4.0.1

References

packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html

seclists.org/fulldisclosure/2014/Dec/78

www.novell.com/support/kb/doc.php?id=7015997

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2014-5217

cvelist1 prion1 securityvulns2 exploitpack1 packetstorm1 nessus1 openvas1 exploitdb1