Cross-Site Scripting Vulnerabilities in NetIQ Access Manager by Novell
CVE-2014-9412

Currently unrated

Key Information:

Vendor

Microfocus
Status
Access Manager
Vendor
CVE Published:
23 December 2014

What is CVE-2014-9412?

Multiple cross-site scripting vulnerabilities exist in NetIQ Access Manager versions prior to 4.1. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into the application. Specifically, attackers can exploit an arbitrary parameter in the debugging functionalities, such as through the debug.jsp and debug.DumpAll actions, potentially compromising the integrity of the affected web applications.

References

http://seclists.org/fulldisclosure/2014/Dec/78
mailing-listx_refsource_FULLDISC
https://www.sec-consult.com/fxdata/seccons/prod/temedia/a...
x_refsource_MISC
https://www.novell.com/support/kb/doc.php?id=7015994
x_refsource_CONFIRM

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.