PEN test finding about pom.xml config file found on IDP/ESP NAM components

  • 7018180
  • 24-Oct-2016
  • 24-Oct-2016


NetIQ Access Manager 4.2
NetIQ Access Manager 4.2 Identity Server
NetIQ Access Manager 4.2 Access Gateway


A PEN test was run against all Access Manager 4.2 components, and the PEN test software reported a possible vulnerability with the pom.xml configuration file on both IDP and ESP ( for example). The report indicated that the file may disclose sensitive information.


Fixed in 4.3. For administrators running 4.2, manually remove the pom.xml from all the idp/esp directories (/opt/novell/nids/lib/webapp/ for example) and restart the IDP/ESP.
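The manual removal step above can be scripted so that every pom.xml under a webapp root is moved to a backup location rather than deleted, which keeps a record of what was removed. This is an added example, not NetIQ-supplied code; the function name and the backup directory are assumptions, and the IDP/ESP restart from the article is still required afterwards.

```shell
#!/bin/sh
# Added example (not vendor code): quarantine pom.xml files from a deployed
# webapp root, e.g. the /opt/novell/nids/lib/webapp/ path the article mentions.

# quarantine_poms ROOT BACKUP
#   Moves every pom.xml found under ROOT into BACKUP, keeping the relative
#   path so a file can be restored. Prints the relative path of each file
#   moved, one per line. Returns 2 on a bad argument.
quarantine_poms() {
    root=${1%/}
    backup=${2%/}
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    # A backup directory inside ROOT would leave the files still deployed.
    case "$backup/" in
        "$root"/*) echo "backup dir must be outside $root" >&2; return 2 ;;
    esac
    mkdir -p "$backup" || return 1
    # -exec ... {} + hands file names to the inner shell as arguments,
    # so names containing spaces or newlines are handled safely.
    find "$root" -type f -name pom.xml -exec sh -c '
        root=$1; backup=$2; shift 2
        for f do
            rel=${f#"$root"/}
            mkdir -p "$backup/$(dirname "$rel")" &&
                mv -- "$f" "$backup/$rel" &&
                printf "%s\n" "$rel"
        done' sh "$root" "$backup" {} +
}

# Run only when called as: script.sh WEBAPP_ROOT BACKUP_DIR
if [ "$#" -eq 2 ]; then
    quarantine_poms "$1" "$2"
    # Verification: anything printed here was not removed.
    find "${1%/}" -type f -name pom.xml -print
fi
```

An empty result from the final `find` confirms no pom.xml remains under the webapp root before the restart.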