CVE-2020-11846

A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*

History

23 Aug 2024, 17:03

Type Values Removed Values Added
First Time Microfocus
Microfocus netiq Privileged Access Manager
References () https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html - () https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html - Release Notes
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : 8.7
v2 : unknown
v3 : 7.5
Summary
  • (es) Una vulnerabilidad encontrada en OpenText Privileged Access Manager que emite un token. Tras la emisión exitosa del token, se establece una cookie que permite el acceso sin restricciones a todos los recursos de la aplicación. Este problema afecta a Privileged Access Manager anterior a 3.7.0.1.
CPE cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*

21 Aug 2024, 16:06

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-21 14:15

Updated : 2024-08-23 17:03


NVD link : CVE-2020-11846

Mitre link : CVE-2020-11846

CVE.ORG link : CVE-2020-11846


JSON object : View

Products Affected

microfocus

  • netiq_privileged_access_manager
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management