Upstream information
Description
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- TID7010166, published Sat Mar 3 09:46:04 UTC 2018
- TID7015997, published Sun May 20 15:48:58 CEST 2018
SUSE Timeline for this CVE
CVE page created: Tue Dec 23 15:16:32 2014CVE page last modified: Wed Mar 26 11:27:46 2025