Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NetIQ Access Manager 跨站脚本漏洞
Vulnerability Description
NetIQ Access Manager(NAM)是美国NetIQ公司的一套资源访问控制解决方案。该方案可对本地和远程用户提供多重身份认证、数据加密、单点登录和SSL VPN等功能。Identity Server是其中的一个身份验证服务器。 NAM 4.1.2 HF1之前的4.1版本和4.2.2之前的4.2版本中的Identity Server的SAML处理功能存在跨站脚本漏洞。远程攻击者可利用该漏洞执行任意Web脚本或HTML,并获取授权证书。
CVSS Information
N/A
Vulnerability Type
N/A