Upstream information
Description
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.SUSE information
Overall state of this security issue: Does not affect SUSE products
No SUSE Bugzilla entries cross referenced.SUSE Security Advisories:
- TID7017809, published Sa 3. Mär 12:02:55 CET 2018
SUSE Timeline for this CVE
CVE page created: Thu Mar 23 09:47:13 2017CVE page last modified: Tue Jul 1 12:28:36 2025