High severity8.8NVD Advisory· Published Mar 23, 2017· Updated May 13, 2026

CVE-2016-5750

Description

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

Affected products

Netiq/Access Manager5 versions
cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:netiq:access_manager:4.2:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.novell.com/support/kb/doc.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000