Unrated severityNVD Advisory· Published Dec 23, 2014· Updated Jun 17, 2026
CVE-2014-5217
CVE-2014-5217
Description
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:microfocus:access_manager:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microfocus:access_manager:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:access_manager:4.0.1:*:*:*:*:*:*:*
- Range: <4.1
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.htmlnvdExploit
- seclists.org/fulldisclosure/2014/Dec/78nvdExploit
- www.novell.com/support/kb/doc.phpnvdExploitVendor Advisory
- www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txtnvdExploit
News mentions
0No linked articles in our index yet.