XML External Entity Vulnerability in NetIQ Access Manager
CVE-2014-5214

Currently unrated

Key Information:

Vendor

Microfocus
Status
Access Manager
Vendor
CVE Published:
23 December 2014

What is CVE-2014-5214?

The iManager component within the Administration Console of NetIQ Access Manager (NAM) versions prior to 4.0.1 HF3 contains a vulnerability that allows remote authenticated users to exploit an XML External Entity (XXE) issue. This weakness enables unauthorized access to arbitrary files by manipulating query parameters with XML external entity declarations. It poses a significant risk to the integrity of sensitive data and system configurations, necessitating prompt mitigation measures.

References

http://seclists.org/fulldisclosure/2014/Dec/78
mailing-listx_refsource_FULLDISC
https://www.novell.com/support/kb/doc.php?id=7015993
x_refsource_CONFIRM
https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.