CVE-2017-5183
N/A
N/A
Summary
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Identity Server | Identity Server | affected |
Weaknesses
- SAML2 mishandling
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.