CVE-2016-5749

Summary

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.

Affected Software

VendorProductVersion RangeStatus
n/aNetIQ Access ManagerNetIQ Access Manageraffected

Weaknesses

  • XXE

ADP Enrichment

CVE Program Container

Additional References

References