Upstream information
Description
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp.SUSE information
Overall state of this security issue: Does not affect SUSE products
No SUSE Bugzilla entries cross referenced.SUSE Security Advisories:
- TID7017813, published Sa 3. Mär 12:02:58 CET 2018
SUSE Timeline for this CVE
CVE page created: Thu Mar 23 09:47:16 2017CVE page last modified: Tue Jul 1 12:28:36 2025