NVD

Id
32964  
Name
CVE-2014-5216  
Description
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-12-23  
Modified Date
2014-12-23  
Seq
2014-5216  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
173047 32964 CVE-2014-5216 http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html  View
173048 32964 CVE-2014-5216 20141218 SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager  View
173049 32964 CVE-2014-5216 https://www.novell.com/support/kb/doc.php?id=7015994  View
173050 32964 CVE-2014-5216 https://www.novell.com/support/kb/doc.php?id=7015996  View
173051 32964 CVE-2014-5216 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18504 JVNDB-2014-007379 NetIQ Access Manager におけるクロスサイトスクリプティングの脆弱性 NetIQ Access Manager (NAM) には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-5216 72505 CVE-2014-5216 32964 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007379.html 2014-12-15 2014-12-24 View