CVE-2016-5751
MEDIUM6.1CVSS v3
4.3CVSS v2
0.23%
EPSS (exploit probability)
CWE-79CWE
Description
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.
CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected routers (2)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch Status |
|---|---|---|---|---|---|
| Ubiquiti | Ubiquiti EdgeRouter 4 | — |
— | — | Unpatched |
| Ubiquiti | Ubiquiti EdgeRouter X | — |
— | — | Unpatched |