CVE-2016-5751

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
Configurations

Configuration 1

OR
cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.2:*:*:*:*:*:*:*
cpe:2.3:a:netiq:access_manager:4.2:sp1:*:*:*:*:*:*

History

No history.

Information

Published : 2017-03-23 06:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-5751

Mitre link : CVE-2016-5751

CVE.ORG link : CVE-2016-5751



Products Affected

netiq

  • access_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')