CVE-2016-5751

Summary

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.

Affected Software

VendorProductVersion RangeStatus
n/aNetIQ Access ManagerNetIQ Access Manageraffected

Weaknesses

  • unfiltered finalizer target URL

ADP Enrichment

CVE Program Container

Additional References

References