CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 4CVE-2014-5217 – NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
https://notcve.org/view.php?id=CVE-2014-5217
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action. Vulnerabilidad de CSRF en nps/servlet/webacc en el servidor Administration Console en NetIQ Access Manager (NAM) 4.x anterior a 4.1 permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que cambian la contraseña administrativa mediante una acción fw.SetPassword. NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015997 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 4CVE-2014-5214 – NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
https://notcve.org/view.php?id=CVE-2014-5214
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. nps/servlet/webacc en iManager en el servidor Administration Console de NetIQ Access Manager (NAM) 4.x anterior a 4.0.1 HF3 permite a usuarios remotos autenticados leer archivos arbitrarios a través de un parámetro en la consulta que contenga una declaración de identidad XML externa junto con una referencia a una entidad, relacionada con el error XML External Entity (XXE) NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015993 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 4CVE-2014-5215 – NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
https://notcve.org/view.php?id=CVE-2014-5215
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp. NetIQ Access Manager (NAM) 4.x anterior a 4.0.1 HF3 permite a administradores remotos autenticados descubrir contraseñas de cuentas de servicio a través de una petición a (1) roma/jsp/volsc/monitoring/dev_services.jsp o (2) roma/jsp/debug/debug.jsp. NetIQ Access Manager version 4.0 SP1 suffers from cross site request forgery, external entity injection, information disclosure, and cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html http://seclists.org/fulldisclosure/2014/Dec/78 https://www.novell.com/support/kb/doc.php?id=7015995 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •