CVE-2016-5749

NONE

5.5CVSS v3

2.1CVSS v2

0.07% EPSS (exploit probability)

CWE-611CWE

Description

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.

CVSS v3 vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected routers (1)

Vendor	Model	Matched via	Affected versions	Fixed in	Patch?
Ubiquiti	Ubiquiti EdgeRouter 4	`—`	—	—	No

External references

NIST NVD
MITRE CVE