Remote Code Execution Vulnerability in iManager Certificate Upload Feature

Remote Code Execution Vulnerability in iManager Certificate Upload Feature

CVE-2016-5750 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.

Learn more about our User Device Pen Test.