CVE-2016-5752

HIGH

NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 - Information Disclosure

Title source: llm

Description

The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 handled unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of to the original requester.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.novell.com/support/kb/doc.php?id=7017809

Scores

CVSS v3 7.5
EPSS 0.0109
EPSS Percentile 61.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (3)
n/a/NetIQ Access Manager NetIQ Access Manager
netiq/access_manager 4.1 (3 CPE variants)
netiq/access_manager 4.2 (2 CPE variants)
Published Mar 23, 2017
Tracked Since Feb 18, 2026