Environment
Access Manager 4.3
Access Manager Admin Console
Admin Console running on Windows or Linux OS
CVE-2017-9276
CVE-2017-9276
Situation
Input xss can be appended into iManager parameters such that they are reflected back into the response message where xss injection execution can be performed
Resolution
Apply 4.3.3. The fix consists on sanitation/validation of input into the iManager NPS pages.