CVE-2016-5749

EUVD-2016-6684
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Affected Products (NVD)
VendorProductVersion
netiqaccess_manager
4.1
netiqaccess_manager
4.1:sp1
netiqaccess_manager
4.1:sp2
netiqaccess_manager
4.2
netiqaccess_manager
4.2:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.novell.com/support/kb/doc.php?id=7017806
https://www.novell.com/support/kb/doc.php?id=7017806