Upstream information
Description
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.SUSE information
Overall state of this security issue: Does not affect SUSE products
No SUSE Bugzilla entries cross referenced.SUSE Security Advisories:
- TID7010166, published Sat Mar 3 09:46:04 UTC 2018
- TID7015997, published Sun May 20 15:48:58 CEST 2018
SUSE Timeline for this CVE
CVE page created: Tue Dec 23 15:16:32 2014CVE page last modified: Tue Jul 1 12:23:09 2025