Cross-Site Request Forgery Vulnerability in NetIQ Access Manager
CVE-2014-5217

Currently unrated

Key Information:

Vendor: Microfocus
Status: Access Manager
Vendor: CVE Published:; 23 December 2014

What is CVE-2014-5217?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Administration Console server of NetIQ Access Manager (NAM) 4.x prior to version 4.1. This security flaw enables remote attackers to manipulate the authentication of administrators, potentially allowing unauthorized changes to administrative passwords through the fw.SetPassword action. Ensuring proper anti-CSRF measures are implemented is critical to protect against this type of attack.

References

http://seclists.org/fulldisclosure/2014/Dec/78

mailing-listx_refsource_FULLDISC

https://www.novell.com/support/kb/doc.php?id=7015997

x_refsource_CONFIRM

https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2014
Vulnerability Reserved
Aug 13, 2014

Microfocus

What is CVE-2014-5217?

References

Timeline