CVE-2024-4555

Published: Aug 28, 2024Modified: Oct 6, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1

Affected (1)

Products: Microfocus: Netiq Access Manager

Microfocus

1 product

Netiq Access Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microfocus Netiq Access Manager	Before 5.0.4.1

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html

Source: security@opentext.com

Release NotesVendor Advisory

https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html

Source: security@opentext.com

Release NotesVendor Advisory

Timeline

No history available yet.