Is Access Manager vulnerable to CVE-2015-3194 (Certificate verify crash with missing PSS parameter)

  • 7017046
  • 04-Dec-2015
  • 22-Jul-2016


NetIQ Access Manager 4.0
NetIQ Access Manager 4.1
NetIQ Access Manager 4.2
CVE-2015-3194 (


A new vulnerability (CVE-2015-3194) has been reported at that is specific to the certificate verification process. NAM does use this process - is NAM vulnerable to this threat as it frequently needs to verify certificates?


NAM is not vulnerable to this threat as it's components do not verify the x509 certs using the openssl implementation.