CVE-2016-5751

EUVD-2016-6686
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
netiqaccess_manager
4.1
netiqaccess_manager
4.1:sp1
netiqaccess_manager
4.1:sp2
netiqaccess_manager
4.2
netiqaccess_manager
4.2:sp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.novell.com/support/kb/doc.php?id=7017808
https://www.novell.com/support/kb/doc.php?id=7017808