CVE-2016-5751
MEDIUM
NetIQ Access Manager <4.1.2 HF1, <4.2.2 - XSS
Title source: llm
Description
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
Scores
CVSS v3
6.1
EPSS
0.0023
EPSS Percentile
45.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (6)
netiq/access_manager
netiq/access_manager
netiq/access_manager
netiq/access_manager
netiq/access_manager
n/a/NetIQ Access Manager
< NetIQ Access Manager
Timeline
Published
Mar 23, 2017
Tracked Since
Feb 18, 2026