CVE-2014-5215
NetIQ Access Manager 4.x - Authenticated Exposure of Sensitive Information via Monitoring and Debug Endpoints
Title source: llmDescription
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
References (4)
Core 4
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/78
Exploit, Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7015995
Scores
EPSS
0.0036
EPSS Percentile
58.2%
Details
CWE
CWE-200
Status
published
Products (2)
microfocus/access_manager
4.0
microfocus/access_manager
4.0.1
Published
Dec 23, 2014
Tracked Since
Feb 18, 2026