Test ID: | 1.3.6.1.4.1.25623.1.0.105149 |
Category: | Web application abuses |
Title: | NetIQ Access Manager < 4.0 SP1 Hot Fix 3 Multiple Vulnerabilities - Active Check |
Summary: | NetIQ Access Manager suffers from cross-site request forgery (CSRF), XML external entity (XXE) injection, information disclosure, and cross-site scripting (XSS) vulnerabilities. |
Description: |
Summary: NetIQ Access Manager suffers from cross-site request forgery (CSRF), XML external entity (XXE) injection, information disclosure, and cross-site scripting (XSS) vulnerabilities.
Vulnerability Insight: An attacker without an account on the NetIQ Access Manager is able to gain administrative access by combining different attack vectors. Though this host may not always be accessible from a public network, an attacker is still able to compromise the system when directly targeting administrative users. Because the NetIQ Access Manager is used for authentication, an attacker compromising the system can use it to gain access to other systems.
Affected Software/OS: NetIQ Access Manager version 4.0 SP1.
Solution: Update to 4.0 SP1 Hot Fix 3 or later.
CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-5214
http://seclists.org/fulldisclosure/2014/Dec/78
http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt
Common Vulnerability Exposure (CVE) ID: CVE-2014-5216
Common Vulnerability Exposure (CVE) ID: CVE-2014-5217
Common Vulnerability Exposure (CVE) ID: CVE-2014-5215 |
Copyright | Copyright (C) 2014 Greenbone AG |