mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-30 09:00:49 +02:00
817 B
817 B
CVE-2014-5215
Description
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
POC
Reference
- http://packetstormsecurity.com/files/129658/NetIQ-Access-Manager-4.0-SP1-XSS-CSRF-XXE-Injection-Disclosure.html
- http://seclists.org/fulldisclosure/2014/Dec/78
Github
No PoCs found on GitHub currently.