Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability.
A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attacks.
This issue affects version 3 IR1 of Novell Access Management Server.
A proof-of-concept modification to 'policy.txt' would be as follows:
from : 0.0.0.0 / 0
port : 80
The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.