Upstream information

CVE-2014-5216 at MITRE

Description

Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
  Base Score: 4.3
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: Partial
  Availability Impact: None

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:
  • TID7010166, published Sat Mar 3 09:46:04 UTC 2018
  • TID7015994, published Sun May 20 15:48:59 CEST 2018
  • TID7015996, published Sat May 19 21:48:48 CEST 2018
  • TID7017332, published Sat Mar 3 11:59:56 CET 2018