GCVE - cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*

part: a version: 4.1 update: sp1

Vendor	Netiq (`94dcefbc-5583-5ff9-9c13-e684dd17d831`)
Product	Access Manager (`edb150f9-eb26-5022-ba2c-8858d01a415e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-5758`	vulnerable	2026-06-03 14:35:55.814745	Details available A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:15:10.652Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017817 http://www.securityfocus.com/bid/97035	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5757`	vulnerable	2026-06-03 14:35:55.814373	Details available iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:15:10.625Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017818	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5756`	vulnerable	2026-06-03 14:35:55.813998	Details available Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:15:10.551Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017813	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5755`	vulnerable	2026-06-03 14:35:55.813528	Details available NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:15:09.052Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017812	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5754`	vulnerable	2026-06-03 14:35:55.813179	Details available Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:15:09.070Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017811	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5752`	vulnerable	2026-06-03 14:35:55.812815	Details available The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:08:00.717Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017809	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5751`	vulnerable	2026-06-03 14:35:55.812434	Details available An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:08:00.709Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017808	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5750`	vulnerable	2026-06-03 14:35:55.811967	Details available The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:07:59.952Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017807	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5749`	vulnerable	2026-06-03 14:35:55.809794	Details available NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:07:59.961Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017806	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5748`	vulnerable	2026-06-03 14:35:55.807368	Details available External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. Published: 2017-03-23T06:36:00.000Z Updated: 2024-08-06T01:07:59.910Z Open on db.gcve.eu Reference links https://www.novell.com/support/kb/doc.php?id=7017797	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.