Access Control Issue in Broadcom Identity Manager Management Console
CVE-2022-25626

5.3MEDIUM

Key Information:

Vendor: Broadcom
Status: Symantec Identity Governance And Administration
Vendor: CVE Published:; 16 December 2022

Summary

An access control vulnerability in Broadcom Identity Manager allows unauthenticated users to view specific management console page URLs. While users can access these pages, they cannot perform server-side tasks without establishing a valid web session. This limitation highlights the importance of session validation to mitigate unauthorized access risks.

Affected Version(s)

Symantec Identity Governance and Administration 14.3, 14.4

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2022
Vulnerability Reserved
Feb 21, 2022