Access Control Issue in Broadcom Identity Manager Management Console
CVE-2022-25626

5.3MEDIUM

What is CVE-2022-25626?

An access control vulnerability in Broadcom Identity Manager allows unauthenticated users to view specific management console page URLs. While users can access these pages, they cannot perform server-side tasks without establishing a valid web session. This limitation highlights the importance of session validation to mitigate unauthorized access risks.

Affected Version(s)

Symantec Identity Governance and Administration 14.3, 14.4

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.