Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.2 Identity Server
NetIQ Access Manager 4.2 Access Gateway
Situation
A penetration test was run against all Access Manager 4.2 components, and the penetration-testing software reported a possible vulnerability with the pom.xml configuration file on both the IDP and ESP (https://nam42sba.lab.novell.com/nidp/pom.xml, for example). The report indicated that the file may disclose sensitive information.
Resolution
Fixed in 4.3. For administrators running 4.2, manually remove the pom.xml file from all the IDP/ESP directories (/opt/novell/nids/lib/webapp/, for example) and restart the IDP/ESP.
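One way to carry out the manual removal on 4.2 so that it can be reviewed and undone, as an added example that is not vendor code: the script moves each pom.xml out of the web root into a quarantine directory and reports what is still exposed. The function names and the quarantine directory are assumptions, the web root in the usage comment is the example path from this article, and the IDP/ESP restart is still done separately.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the quarantine directory
# are assumptions; pass the web root that applies to your IDP/ESP install.

# Print every pom.xml under ROOT that sits in the servable part of a webapp.
# WEB-INF and META-INF are skipped: a servlet container does not serve them directly.
list_exposed_poms() {
    find "${1%/}" -type f -name pom.xml \
        ! -path '*/WEB-INF/*' ! -path '*/META-INF/*' 2>/dev/null
}

# Count the pom.xml files still exposed under ROOT (0 means clean).
count_exposed_poms() {
    list_exposed_poms "$1" | wc -l | tr -d ' '
}

# Move exposed pom.xml files from ROOT into BACKUP (a directory outside ROOT),
# keeping their relative path so they can be restored. Prints the number moved.
quarantine_poms() {
    root=${1%/}; backup=$2; moved=0
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    list=$(mktemp) || return 1
    list_exposed_poms "$root" > "$list" || true
    while IFS= read -r f; do
        rel=${f#"$root"/}
        mkdir -p "$backup/$(dirname "$rel")" &&
            mv "$f" "$backup/$rel" && moved=$((moved + 1))
    done < "$list"
    rm -f "$list"
    echo "$moved"
}

# Run only when both arguments are given, e.g.:
#   sh quarantine_pom.sh /opt/novell/nids/lib/webapp/ /root/pom-quarantine
if [ "$#" -ge 2 ]; then
    quarantine_poms "$1" "$2"
    echo "still exposed: $(count_exposed_poms "$1")"
fi
```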