VYPR

NetIQ Access Manager

by Novell

CVEs (3)

  • CVE-2014-5216Dec 23, 2014
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to…

  • CVE-2014-5217Dec 23, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via…

  • CVE-2014-5215Dec 23, 2014
    risk 0.00cvss epss 0.02

    NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.