CVE-2017-5183

Summary

NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.

Affected Software

VendorProductVersion RangeStatus
n/aIdentity ServerIdentity Serveraffected

Weaknesses

  • SAML2 mishandling

ADP Enrichment

CVE Program Container

Additional References

References