
    4 vulnerabilities found for netiq_privileged_access_manager by microfocus

    CVE-2020-11847 (GCVE-0-2020-11847)

    Vulnerability from nvd – Published: 2024-08-21 13:38 – Updated: 2024-08-22 13:50
    VLAI
    Title
    Vulnerability in sshrelay in privileged access manager provides full system access.
    Summary
    An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
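    OpenText Privileged Access Manager Affected: 3.7.0.1 , < < (server) [the CNA version range is malformed: its "lessThan" field holds a literal "<"; per the summary and the CISA-ADP entry, versions before 3.7.0.1 are affected]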
    opentext privileged_access_manager Affected: 0 , < 3.7.0.1 (custom)
        cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "privileged_access_manager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "3.7.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T13:47:40.575847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T13:50:29.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit",
                "32 bit"
              ],
              "product": "Privileged Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "3.7.0.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. \u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Privileged Access Manager before 3.7.0.1.\u003c/span\u003e"
                }
              ],
              "value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T13:38:44.228Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in sshrelay in privileged access manager provides full system access.",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11847",
        "datePublished": "2024-08-21T13:38:44.228Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-22T13:50:29.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11846 (GCVE-0-2020-11846)

    Vulnerability from nvd – Published: 2024-08-21 13:37 – Updated: 2024-08-21 14:40
    VLAI
    Title
    Improper handling of token allows access to restricted resource in Privileged Access Manager
    Summary
    A vulnerability was found in OpenText Privileged Access Manager, which issues a token. On successful issuance of the token, a cookie is set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
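    OpenText Privileged Access Manager Affected: 3.7.0.1 , < < (server) [the CNA version range is malformed: its "lessThan" field holds a literal "<"; per the summary and the CISA-ADP entry, versions before 3.7.0.1 are affected]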
    opentext privileged_access_manager Affected: 0 , < 3.7.0.1 (semver)
        cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "privileged_access_manager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "3.7.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11846",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:37:06.749673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T14:40:15.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit",
                "32 bit"
              ],
              "product": "Privileged Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "3.7.0.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Privileged Access Manager before 3.7.0.1.\u003c/span\u003e"
                }
              ],
              "value": "A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources.\u00a0This issue affects Privileged Access Manager before 3.7.0.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T13:37:11.454Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper handling of token allows access to restricted resource in Privileged Access Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11846",
        "datePublished": "2024-08-21T13:37:11.454Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-21T14:40:15.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11847 (GCVE-0-2020-11847)

    Vulnerability from cvelistv5 – Published: 2024-08-21 13:38 – Updated: 2024-08-22 13:50
    VLAI
    Title
    Vulnerability in sshrelay in privileged access manager provides full system access.
    Summary
    An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
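    OpenText Privileged Access Manager Affected: 3.7.0.1 , < < (server) [the CNA version range is malformed: its "lessThan" field holds a literal "<"; per the summary and the CISA-ADP entry, versions before 3.7.0.1 are affected]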
    opentext privileged_access_manager Affected: 0 , < 3.7.0.1 (custom)
        cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "privileged_access_manager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "3.7.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11847",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T13:47:40.575847Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T13:50:29.679Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit",
                "32 bit"
              ],
              "product": "Privileged Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "3.7.0.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. \u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Privileged Access Manager before 3.7.0.1.\u003c/span\u003e"
                }
              ],
              "value": "SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T13:38:44.228Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vulnerability in sshrelay in privileged access manager provides full system access.",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11847",
        "datePublished": "2024-08-21T13:38:44.228Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-22T13:50:29.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11846 (GCVE-0-2020-11846)

    Vulnerability from cvelistv5 – Published: 2024-08-21 13:37 – Updated: 2024-08-21 14:40
    VLAI
    Title
    Improper handling of token allows access to restricted resource in Privileged Access Manager
    Summary
    A vulnerability was found in OpenText Privileged Access Manager, which issues a token. On successful issuance of the token, a cookie is set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
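    OpenText Privileged Access Manager Affected: 3.7.0.1 , < < (server) [the CNA version range is malformed: its "lessThan" field holds a literal "<"; per the summary and the CISA-ADP entry, versions before 3.7.0.1 are affected]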
    opentext privileged_access_manager Affected: 0 , < 3.7.0.1 (semver)
        cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "privileged_access_manager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThan": "3.7.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-11846",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:37:06.749673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T14:40:15.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit",
                "32 bit"
              ],
              "product": "Privileged Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "\u003c",
                  "status": "affected",
                  "version": "3.7.0.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Privileged Access Manager before 3.7.0.1.\u003c/span\u003e"
                }
              ],
              "value": "A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources.\u00a0This issue affects Privileged Access Manager before 3.7.0.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-21T13:37:11.454Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper handling of token allows access to restricted resource in Privileged Access Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2020-11846",
        "datePublished": "2024-08-21T13:37:11.454Z",
        "dateReserved": "2020-04-16T00:00:00.000Z",
        "dateUpdated": "2024-08-21T14:40:15.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }