Lucene search
MitreCVELIST:CVE-2014-5217HistoryDec 23, 2014 - 11:00 a.m.
CVE-2014-5217
2014-12-2311:00:00
mitre
www.cve.org
1
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.
References
packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html
seclists.org/fulldisclosure/2014/Dec/78
www.novell.com/support/kb/doc.php?id=7015997
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt
Related
prion
prion
Cross site request forgery (csrf)
2014-12-23 11:59:00
nvd
nvd
CVE-2014-5217
2014-12-23 11:59:03
cve
cve
CVE-2014-5217
2014-12-23 11:59:03
securityvulns
securityvulns
NetIQ Access Manager multiple security vulnerabilities
2014-12-22 00:00:00
exploitpack
exploitpack
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
2014-12-23 00:00:00
nessus
nessus
NetIQ Access Manager 4.0 < 4.0 SP1 Hotfix 3 Multiple Vulnerabilities
2015-02-18 00:00:00
openvas
openvas
NetIQ Access Manager XSS / CSRF / XXE Injection / Disclosure Vulnerabilities
2014-12-19 00:00:00
packetstorm
packetstorm
NetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure
2014-12-19 00:00:00
exploitdb
exploitdb
NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities
2014-12-23 00:00:00