Medium severity5.5NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026
CVE-2016-5749
CVE-2016-5749
Description
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
Affected products
5cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.2:sp1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.