NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
[
{
"product": "NetIQ Access Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NetIQ Access Manager"
}
]
}
]