CVE-2020-11846

Published: Aug 21, 2024Modified: Aug 23, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

Affected (2)

Products: Microfocus: Netiq Privileged Access Manager

1 product

Netiq Privileged Access Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microfocus Netiq Privileged Access Manager	Before 3.7
Microfocus Netiq Privileged Access Manager	Version 3.7

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

Source: security@opentext.com

Release Notes

Timeline

No history available yet.