Skip Ribbon Commands
Skip to main content
Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-61


Novell NetIQ Access Manager Virtual Attribute Concurrency Bug Lets Remote Authenticated Users Obtain Potentially Sensitive Information
Severity Rating: Medium
Systems Affected:
  • Novell NetIQ Access Manager version 4.2, 4.3
Description
A vulnerability has been identified in Novell NetIQ Access Manager and this can be exploited by remote attackers to obtain potentially sensitive information on the target system. The system may apply a stale profile when used as a Security Assertion Markup Language (SAML) Identity Server due to a virtual attribute concurrency error. As a result, a remote authenticated user may be able to obtain potentially sensitive information on the target system.
 
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Novell
 
CVE Information
 
References
 
Security Tracker
 
Novell Support
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis