File existence disclosue vulnerability in IDM plugin
CVE-2022-26329

1.8LOW

Key Information:

Vendor: Micro Focus
Status: Netiq Identity Manager
Vendor: CVE Published:; 26 January 2023

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2022-26329?

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

Affected Version(s)

NetIQ Identity Manager ALL NetIQ Identity Manager < 4.8.5

References

https://www.netiq.com/documentation/identity-manager-48/r...

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Feb 28, 2022

Credit

Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us.