CVE-2016-5755 - Vulnerability Details - OpenCVE

NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netiq	Access Manager

Configuration 1 [-]

OR	cpe:2.3:a:netiq:access_manager:4.1:::::::*
	cpe:2.3:a:netiq:access_manager:4.1:sp1::::::
	cpe:2.3:a:netiq:access_manager:4.1:sp2::::::
	cpe:2.3:a:netiq:access_manager:4.2:::::::*
	cpe:2.3:a:netiq:access_manager:4.2:sp1::::::

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://www.novell.com/support/kb/doc.php?id=7017812

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2017-03-23T06:36:00

Updated: 2024-08-06T01:15:09.052Z

Reserved: 2016-06-23T00:00:00

Link: CVE-2016-5755

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-03-23T06:59:00.453

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-5755

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "NetIQ Access Manager", "vendor": "n/a", "versions": [{"status": "affected", "version": "NetIQ Access Manager"}]}], "datePublic": "2017-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the \"high encryption\" setting."}], "problemTypes": [{"descriptions": [{"description": "clickjacking", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:57", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.novell.com/support/kb/doc.php?id=7017812"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "ID": "CVE-2016-5755", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NetIQ Access Manager", "version": {"version_data": [{"version_value": "NetIQ Access Manager"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the \"high encryption\" setting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "clickjacking"}]}]}, "references": {"reference_data": [{"name": "https://www.novell.com/support/kb/doc.php?id=7017812", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7017812"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:15:09.052Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.novell.com/support/kb/doc.php?id=7017812"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-5755", "datePublished": "2017-03-23T06:36:00", "dateReserved": "2016-06-23T00:00:00", "dateUpdated": "2024-08-06T01:15:09.052Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netiq:access_manager:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5ADC4C66-A0B0-47E6-8084-C7FBEDC8E503", "vulnerable": true}, {"criteria": "cpe:2.3:a:netiq:access_manager:4.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "FF9068BB-5689-459A-A637-A12F31B36726", "vulnerable": true}, {"criteria": "cpe:2.3:a:netiq:access_manager:4.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "2E5148AA-24E9-4171-8B8F-FA9A1F378EF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netiq:access_manager:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "20239843-9281-4AEA-A8DE-E0FECFAE7BC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netiq:access_manager:4.2:sp1:*:*:*:*:*:*", "matchCriteriaId": "0FD82557-1FA6-4335-9A17-C14F27D9B713", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the \"high encryption\" setting."}, {"lang": "es", "value": "NetIQ Access Manager 4.1 en versiones anteriores a 4.1.2 Hot Fix 1 y 4.2 en versiones anteriores a 4.2.2 era vulnerable a ataques de clickjacking debido a un filtro SAMEORIGIN perdido en la configuraci\u00f3n \"high encryption\"."}], "id": "CVE-2016-5755", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-23T06:59:00.453", "references": [{"source": "security@opentext.com", "url": "https://www.novell.com/support/kb/doc.php?id=7017812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.novell.com/support/kb/doc.php?id=7017812"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}