CVE-2020-11846

Improper handling of token allows access to restricted resource in Privileged Access Manager

CVSS 8.7 HIGHEPSS 0.3%CWE-269

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

21 Aug 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Affected products

OpenText · Privileged Access Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html