Vulnerabilities > CVE-2016-5748 - XXE vulnerability in Netiq Access Manager 4.1/4.2

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

netiq

CWE-611

NVD

Published: 2017-03-23

Updated: 2023-11-07

Summary

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.

Vulnerable Configurations

Part	Description	Count
Application	Netiq Netiq Access Manager 4.1 Netiq Access Manager 4.2	5

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.novell.com/support/kb/doc.php?id=7017797