Unrestricted Access Vulnerability in OpenText Privileged Access Manager
CVE-2020-11846

7.5HIGH

Key Information:

Vendor: Opentext
Status: Privileged Access Manager
Vendor: CVE Published:; 21 August 2024

Summary

A vulnerability in OpenText Privileged Access Manager allows for improper access control due to the issuance of a token that sets a cookie, granting unrestricted access to all application resources. This issue potentially exposes sensitive information and affects versions prior to 3.7.0.1, emphasizing the need for prompt updates to mitigate the risk of unauthorized access.

Affected Version(s)

Privileged Access Manager Windows 3.7.0.1

References

https://www.netiq.com/documentation/privileged-account-ma...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2024
Vulnerability Reserved
Apr 16, 2020