Environment
NetIQ Access Manager 4.0
NetIQ Access Manager 4.0 Admin Console
NetIQ Access Manager 4.0 Support Pack 1 HF2 applied
CVE-2014-5216
NetIQ Access Manager 4.0 Admin Console
NetIQ Access Manager 4.0 Support Pack 1 HF2 applied
CVE-2014-5216
Situation
The following URL sent to the Access Manager Admin Console Server uses persistent site scripting (XSS) to inject a stored script on the auditing page:
https://<host>:8443/roma/system/cntl?handler=dispatcher&command=auditsave&&secureLoggingServersA='){}};alert('xss');function+x(){if('&port=1289
As soon as you do this and go to the Auditing page on iManager, an XSS script will be launched.
https://<host>:8443/roma/system/cntl?handler=dispatcher&command=auditsave&&secureLoggingServersA='){}};alert('xss');function+x(){if('&port=1289
As soon as you do this and go to the Auditing page on iManager, an XSS script will be launched.
Resolution
Apply 4.0.1 HF3 or greater to address the issue.
Additional Information
NetIQ thanks
Wolfgang Ettlinger (discovery, analysis, coordination) from the SEC Consult
Vulnerability Lab (https://www.sec-consult.com/) for
responsibly reporting the identified issues and working with us as we addressed
them.