CVE-2024-1470

Elevation of Privilege attack on NetIQ Client login extension

CVSS 7.1 HIGHEPSS 0.2%CWE-639

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

20 Feb 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Affected products

OpenText · NetIQ Client Login Extension

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.microfocus.com/s/article/KM000026667?language=en_US