Reverse shell connection to Admin Console possible with vulnerabilities on TCP 9000/9001

  • 7018159
  • 17-Oct-2016
  • 18-Oct-2016


NetIQ Access Manager 4.1
NetIQ Access Manager 4.2


Due to issues with Java Deserialization on TCP Ports 9000 and 9001 it is possible using a prepared service to execute remote code on the Admin Console.The CVE one could leverage to do this is described at, and could theoretically be used to dump the contents of files on the Admin Console server without root access.


Fixed in NAM 4.3. For earlier builds, use iptables to block all access to TCP 9000/9001 except for it's own IP address ie, the IP address of the Admin Console itself.