CVE-2016-5758

Published: Mar 23, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.

Affected (5)

Products: Netiq: Access Manager

Netiq

1 product

Access Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Netiq Access Manager	Version 4.1
Netiq Access Manager	Version 4.1 sp1
Netiq Access Manager	Version 4.1 sp2
Netiq Access Manager	Version 4.2
Netiq Access Manager	Version 4.2 sp1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.securityfocus.com/bid/97035

Source: security@opentext.com

https://www.novell.com/support/kb/doc.php?id=7017817

Source: security@opentext.com

http://www.securityfocus.com/bid/97035

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.novell.com/support/kb/doc.php?id=7017817

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.