Environment
Access Manager 4.3
Access Manager Administration Console
Admin Console running on Windows or Linux
CVE-2017-14801
Situation
XSS input can be appended to the REST API URL parameters and is reflected back in the page error message, without the injected XSS actually executing.
Resolution
Apply 4.3 SP3. The fix consists of sanitization/validation of the input representing the various cluster, service, and other ID values that are required to retrieve the requested information.
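One way to apply the kind of ID validation described above, as an added example that is not Access Manager's own code. The parameter names `clusterId` and `serviceId`, the ID pattern, and the sample URLs are assumptions, since this page does not publish them.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumed ID format (hypothetical): the advisory does not publish the real one.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Hypothetical parameter names standing in for the cluster/service/other IDs.
ID_PARAMS = ("clusterId", "serviceId")


def validate_ids(url):
    """Return (ids, rejected): validated values and names of bad parameters."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    ids, rejected = {}, []
    for name in ID_PARAMS:
        values = query.get(name, [])
        # Exactly one value, and it must match the allowlist in full.
        if len(values) == 1 and ID_PATTERN.fullmatch(values[0]):
            ids[name] = values[0]
        else:
            rejected.append(name)
    return ids, rejected


def error_page(rejected):
    """Build the error message from parameter names only, never their values."""
    names = ", ".join(html.escape(n) for n in rejected)
    return "<p>Invalid or missing parameter(s): " + names + "</p>"


def handle(url):
    ids, rejected = validate_ids(url)
    if rejected:
        return 400, error_page(rejected)
    # Values passed validation; still encode on output as a second layer.
    body = ", ".join(f"{html.escape(k)}={html.escape(v)}" for k, v in ids.items())
    return 200, "<p>Requested: " + body + "</p>"


# Constructed sample requests (not taken from the product).
GOOD = "https://console.example/rest/info?clusterId=cluster-01&serviceId=idp_2"
BAD = "https://console.example/rest/info?clusterId=%3Ci%3Ex%3C%2Fi%3E&serviceId=idp_2"

if __name__ == "__main__":
    print(handle(GOOD))
    print(handle(BAD))
```

Because the error message names the rejected parameter and never echoes its value, markup supplied in the URL has no path back into the page.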