NetIQ Access Manager 4.0 Support Pack 1 HF2 applied
NetIQ Access Manager 4.0 Admin Console
The disclosed system properties:
The static string "k~jd)*L2;93=Gjs" is XORed with these values in order to decrypt passwords of internally used service accounts.
NetIQ thanks Wolfgang Ettlinger (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab (https://www.sec-consult.com/) for responsibly reporting the identified issues and working with us as we addressed them.