Cross-Site Scripting Vulnerabilities in NetIQ Access Manager by Novell
CVE-2014-5216

Currently unrated

Key Information:

Vendor

Microfocus
Status
Access Manager
Vendor
CVE Published:
23 December 2014

What is CVE-2014-5216?

NetIQ Access Manager versions 4.x prior to 4.0.1 HF3 are affected by multiple cross-site scripting (XSS) vulnerabilities. These issues allow remote attackers to inject arbitrary web scripts or HTML through various parameters, including 'location' in the 'dev.Empty' action, 'error' in 'nidp/jsp/x509err.jsp', 'lang' in 'sslvpn/applet_agent.jsp', and 'secureLoggingServersA' in 'roma/system/cntl'. This presents significant risks to web application security and necessitates urgent action to mitigate potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/Dec/78
mailing-listx_refsource_FULLDISC
https://www.novell.com/support/kb/doc.php?id=7015996
x_refsource_CONFIRM
https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.