← Volver a CVEs

CVE-2014-5217

N/A

Descripcion

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

Detalles CVE

Puntuacion CVSS v3.1N/A

Publicado12/23/2014

Ultima modificacion4/12/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

microfocus:access_manager

Debilidades (CWE)

CWE-352

Referencias

http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html(cve@mitre.org)

http://seclists.org/fulldisclosure/2014/Dec/78(cve@mitre.org)

https://www.novell.com/support/kb/doc.php?id=7015997(cve@mitre.org)

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt(cve@mitre.org)

http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2014/Dec/78(af854a3a-2127-422b-91ae-364da2661108)

https://www.novell.com/support/kb/doc.php?id=7015997(af854a3a-2127-422b-91ae-364da2661108)

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.