CVE-2017-5190

low-risk

Published 2017-04-20

NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.

Do I need to act?

0.24% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.1/10 Low

NETWORK / HIGH complexity

Affected Products (2)

Access Manager

Affected Vendors

Netiq

References (6)

http://www.securityfocus.com/bid/97965

http://www.securitytracker.com/id/1038338

https://www.novell.com/support/kb/doc.php?id=7018792

http://www.securityfocus.com/bid/97965

http://www.securitytracker.com/id/1038338

https://www.novell.com/support/kb/doc.php?id=7018792

/ 100

low-risk

Severity 11/34 · Low

Exploitability 1/34 · Minimal

Exposure 7/34 · Low