Test ID: | 1.3.6.1.4.1.25623.1.0.105149 |
Category: | Web application abuses |
Title: | NetIQ Access Manager < 4.0 SP1 Hot Fix 3 Multiple Vulnerabilities - Active Check |
Summary: | NetIQ Access Manager suffers from cross-site request forgery (CSRF), XML external entity (XXE) injection, information disclosure, and cross-site scripting (XSS) vulnerabilities. |
Description: |
Summary: NetIQ Access Manager suffers from cross-site request forgery (CSRF), XML external entity (XXE) injection, information disclosure, and cross-site scripting (XSS) vulnerabilities.

Vulnerability Insight: An attacker without an account on the NetIQ Access Manager is able to gain administrative access by combining different attack vectors. Though this host may not always be accessible from a public network, an attacker is still able to compromise the system when directly targeting administrative users. Because the NetIQ Access Manager is used for authentication, an attacker compromising the system can use it to gain access to other systems.

Affected Software/OS: NetIQ Access Manager version 4.0 SP1.

Solution: Update to 4.0 SP1 Hot Fix 3 or later.

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-5214
http://seclists.org/fulldisclosure/2014/Dec/78
http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-2_Novell_NetIQ_Access_Manager_Multiple_Vulnerabilities_v10.txt
Common Vulnerability Exposure (CVE) ID: CVE-2014-5216
Common Vulnerability Exposure (CVE) ID: CVE-2014-5217
Common Vulnerability Exposure (CVE) ID: CVE-2014-5215 |
Copyright | Copyright (C) 2014 Greenbone AG |