Vulnerabilities > CVE-2014-5214 - Unspecified vulnerability in Microfocus Access Manager 4.0/4.0.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
microfocus
nessus
NVD
Published: 2014-12-23
Updated: 2021-04-09

Summary

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Configurations

Part Description Count
Application
Microfocus
2

Nessus

NASL familyCGI abuses
NASL idNETIQ_ACCESS_MANAGER_4SP1HF3.NASL
descriptionThe remote host is running a version of NetIQ Access Manager 4.0 without service pack 1 hotfix 3. It is, therefore, affected by the following vulnerabilities : - An XML Entity Injection (XXE) flaw exists in the
last seen2020-06-01
modified2020-06-02
plugin id81405
published2015-02-18
reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/81405
titleNetIQ Access Manager 4.0 < 4.0 SP1 Hotfix 3 Multiple Vulnerabilities

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/129658/SA-20141218-2.txt
idPACKETSTORM:129658
last seen2016-12-05
published2014-12-19
reporterWolfgang Ettlinger
sourcehttps://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html
titleNetIQ Access Manager 4.0 SP1 XSS / CSRF / XXE Injection / Disclosure

References