XSS in Netiq Access_manager
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.007 (48.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Netiq Access_manager — versions 4.1, 4.2
- N/a Netiq Access Manager — versions NetIQ Access Manager
Weakness classification (CWE)
References
- security@opentext.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2016-5751?
- CVE-2016-5751 is a medium-severity vulnerability in Netiq Access_manager, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2017-03-23.
- How severe is CVE-2016-5751?
- Medium severity. CVSS v3 base score is 6.1 out of 10.