Upstream information

CVE-2014-5217 at MITRE

Description

Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

  • TID7010166, published Sat Mar 3 09:46:04 UTC 2018
  • TID7015997, published Sun May 20 15:48:58 CEST 2018


SUSE Timeline for this CVE

CVE page created: Tue Dec 23 15:16:32 2014
CVE page last modified: Tue Jul 1 12:23:09 2025