NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Microfocus
  • Access Manager

Configuration 1 [-]

OR cpe:2.3:a:microfocus:access_manager:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:access_manager:4.0.1:*:*:*:*:*:*:*

No data.

References
Link Providers
http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Dec/78 cve-icon cve-icon
https://www.novell.com/support/kb/doc.php?id=7015995 cve-icon cve-icon
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-23T11:00:00

Updated: 2024-08-06T11:41:48.496Z

Reserved: 2014-08-13T00:00:00

Link: CVE-2014-5215

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-23T11:59:01.267

Modified: 2024-11-21T02:11:38.713

Link: CVE-2014-5215

cve-icon Redhat

No data.