Nessus scan reports Web Application Potentially Vulnerable to Clickjacking in iManager (CVE-2016-5755)

  • 7017812
  • 04-Jul-2016
  • 29-Aug-2016


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Access Manager Admin Console


Access Manager Admin Console ships with iManager. With the default settings (encryption level set to high), web security scanners such as Nessus or AppScan report it as vulnerable to clickjacking attacks.
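Scanners raise this finding when a response carries neither an X-Frame-Options header nor a Content-Security-Policy frame-ancestors directive. The following is an added example, not part of the original article: it applies the same test to a captured response head so the finding can be checked before and after the fix. The sample responses and function names are constructed for illustration.

```python
"""Check a captured HTTP response head for anti-framing (clickjacking) headers."""
from email.parser import Parser


def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw response; the body is ignored."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    if lines and lines[0].startswith("HTTP/"):
        lines = lines[1:]  # drop the status line, keep header fields only
    msg = Parser().parsestr("\n".join(lines), headersonly=True)
    return [(name.lower(), value.strip()) for name, value in msg.items()]


def framing_protection(raw):
    """List the effective protections found; an empty list is what scanners flag."""
    found = []
    for name, value in parse_headers(raw):
        if name == "x-frame-options":
            # ALLOW-FROM is obsolete and ignored by current browsers.
            if value.upper() in ("DENY", "SAMEORIGIN"):
                found.append("X-Frame-Options: " + value.upper())
        elif name == "content-security-policy":
            # The -Report-Only variant has a different name and never enforces.
            for directive in value.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    if "*" not in parts[1:]:  # a wildcard permits any framer
                        found.append("CSP " + " ".join(parts))
    return found


# Constructed sample responses (not captured from a real Admin Console).
NO_HEADERS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\n"
              "Cache-Control: no-cache\r\n\r\n<html>...</html>")
PROTECTED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "X-Frame-Options: SAMEORIGIN\r\n\r\n")
CSP_ONLY = ("HTTP/1.1 200 OK\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n\r\n")
WEAK = ("HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n"
        "Content-Security-Policy-Report-Only: frame-ancestors 'self'\r\n"
        "Content-Security-Policy: default-src 'self'; frame-ancestors *\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("no headers", NO_HEADERS), ("protected", PROTECTED),
                       ("csp only", CSP_ONLY), ("weak", WEAK)]:
        result = framing_protection(raw)
        print(label, "->", result if result else "would be flagged")
```

To use it on a real deployment, save the response head from a request to the Admin Console and pass that text to `framing_protection`.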


Apply the NAM 4.2.2 patch on NAM 4.2, or apply NAM 4.1.2 Hot Fix 1 on NAM 4.1.

To work around the issue on older versions, do the following:
a) Open the web.xml file. The file is in the following location:

Linux: /opt/novell/nam/adminconsole/conf
Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

b) Add the following Tomcat filter configuration below any existing filter configurations: