CVE-2016-5750

Published: Mar 23, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

Affected (5)

Products: Netiq: Access Manager

Netiq

1 product

Access Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Netiq Access Manager	Version 4.1
Netiq Access Manager	Version 4.1 sp1
Netiq Access Manager	Version 4.1 sp2
Netiq Access Manager	Version 4.2
Netiq Access Manager	Version 4.2 sp1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.novell.com/support/kb/doc.php?id=7017807

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7017807

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.