Reverse shell connection to Admin Console possible with vulnerabilities on TCP 9000/9001

  • Document ID: 7018159
  • Creation Date: 17-Oct-2016
  • Modified Date: 18-Oct-2016

Environment

NetIQ Access Manager 4.1
NetIQ Access Manager 4.2

Situation

The Admin Console deserializes untrusted Java objects received on TCP ports 9000 and 9001. An attacker who can reach those ports can send a crafted serialized object and execute code remotely on the Admin Console. The Apache Commons Collections weakness that such a payload would leverage is described at
https://issues.apache.org/jira/browse/COLLECTIONS-583. The code runs with the privileges of the Admin Console process rather than root, so it could theoretically be used to read the contents of files on the Admin Console server without root access.

Resolution

Fixed in NAM 4.3. For earlier builds, use iptables on the Admin Console host to block all access to TCP 9000/9001 except from the Admin Console's own IP address (i.e. the console may still talk to itself, and every other source is dropped).
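The iptables restriction described above, as an added example script that is not part of this TID or of the NetIQ product. It assumes a Linux Admin Console host with iptables available and rules applied as root; the chain name NAM_ADMIN_RMI, the use of a dedicated chain, and the IPv4 validation are this example's own choices. It prints the rules instead of applying them so they can be reviewed first:

```shell
#!/bin/sh
# Added example (not from the TID): emit iptables rules that restrict the
# Admin Console's TCP 9000/9001 to loopback and the console's own IP.
# Assumptions: iptables on the Admin Console host, rules applied as root.
# The chain name NAM_ADMIN_RMI is hypothetical.

NAM_PORTS="9000 9001"
NAM_CHAIN="NAM_ADMIN_RMI"

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldIFS=$IFS; IFS=.
  set -- $1            # split on dots into positional parameters
  IFS=$oldIFS
  [ $# -eq 4 ] || return 1
  for o; do
    [ "$o" -le 255 ] || return 1
  done
}

# Print the iptables commands, one per line, to stdout. Pipe to sh as root
# to apply. Order inside the chain: loopback, the console's own IP, then DROP.
nam_admin_console_rules() {
  console_ip=$1
  if ! valid_ipv4 "$console_ip"; then
    echo "invalid IPv4 address: $console_ip" >&2
    return 1
  fi
  ports_csv=$(echo $NAM_PORTS | tr ' ' ,)
  # -N fails harmlessly if the chain already exists; -F makes a re-run replace
  # the previous rule set instead of appending to it.
  echo "iptables -N $NAM_CHAIN 2>/dev/null"
  echo "iptables -F $NAM_CHAIN"
  for port in $NAM_PORTS; do
    echo "iptables -A $NAM_CHAIN -p tcp --dport $port -i lo -j ACCEPT"
    echo "iptables -A $NAM_CHAIN -p tcp --dport $port -s $console_ip -j ACCEPT"
    echo "iptables -A $NAM_CHAIN -p tcp --dport $port -j DROP"
  done
  # Remove any earlier jump, then insert at position 1 so a blanket ACCEPT
  # further down INPUT cannot bypass the restriction.
  echo "iptables -D INPUT -p tcp -m multiport --dports $ports_csv -j $NAM_CHAIN 2>/dev/null"
  echo "iptables -I INPUT 1 -p tcp -m multiport --dports $ports_csv -j $NAM_CHAIN"
}

# Usage: sh restrict-nam-admin.sh <admin-console-ip> | sudo sh
if [ $# -ge 1 ]; then
  nam_admin_console_rules "$1"
fi
```

The rules only filter inbound traffic on the Admin Console host itself, which is exactly the scope the Resolution calls for. iptables rules do not survive a reboot unless the host's own persistence mechanism saves them, so re-apply or persist them after verifying with `iptables -S NAM_ADMIN_RMI` that the three rules per port are present in the expected order.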