Novell NetIQ Access Manager CVE-2017-5190 Remote Information Disclosure Vulnerability

Novell NetIQ Access Manager is prone to an information-disclosure vulnerability.

Note: This issue only occurs when using visual attributes.

Attackers can exploit this issue to access sensitive information. Information obtained may lead to further attacks.

Information

Bugtraq ID: 97965
Class: Design Error
CVE: CVE-2017-5190

Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 24 2017 04:08PM
Credit: The vendor reported this issue.
Vulnerable: Novell NetIQ Access Manager 4.3
Novell NetIQ Access Manager 4.2

Not Vulnerable: Novell NetIQ Access Manager 4.3 SP1 Hot Fix 1
Novell NetIQ Access Manager 4.2 SP3 Hot Fix 1

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

Novell Homepage (Novell)
Information leakage with NAM Identity Server and SAML2 Service Provider while us (Novell)

Source: www.securityfocus.com

Exploit Collector

Search Exploit