Netiq: >> Access Manager >> 4.3 Security Vulnerabilities
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-04-24
NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-04-20
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.
CVSS Score
3.1
EPSS Score
0.002
Published
2017-04-20
Page 2