XSS Vulnerability in iManager (CVE-2017-9276)

  • 7022359
  • 20-Nov-2017
  • 20-Nov-2017

Environment

Access Manager 4.3
Access Manager Admin Console
Admin Console running on Windows or Linux OS
CVE-2017-9276

Situation

XSS input can be appended to iManager parameters so that it is reflected back in the response message, where the injected script can then execute.

Resolution

Apply 4.3.3. The fix consists of sanitization/validation of input to the iManager NPS pages.