Novell NetIQ Access Manager Virtual Attribute Concurrency Bug Lets Remote Authenticated Users Obtain Potentially Sensitive Information
Severity Rating: Medium
- Novell NetIQ Access Manager version 4.2, 4.3
A vulnerability has been identified in Novell NetIQ Access Manager and this can be exploited by remote attackers to obtain potentially sensitive information on the target system. The system may apply a stale profile when used as a Security Assertion Markup Language (SAML) Identity Server due to a virtual attribute concurrency error. As a result, a remote authenticated user may be able to obtain potentially sensitive information on the target system.
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street