Remote Authentication Flaw in NetIQ Access Manager Exposes Service-Account Passwords
CVE-2014-5215

Currently unrated

Key Information:

Vendor

Microfocus

CVE Published:
23 December 2014

What is CVE-2014-5215?

NetIQ Access Manager before version 4.0.1 HF3 allows remote authenticated administrators to obtain sensitive service-account passwords. The flaw is exploited by sending crafted requests to specific JSP endpoints, which return critical administrative information that should be protected from disclosure. Organizations using this product should prioritize upgrading to the patched version to minimize the risk of credential exposure.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
