Unauthenticated Information Disclosure in PAM Database by Broadcom's Software
CVE-2025-24500
8.7HIGH
Key Information:
- Vendor
- Broadcom
- Vendor
- CVE Published:
- 30 January 2025
Summary
An information disclosure vulnerability exists within Broadcom's software that enables an unauthenticated attacker to gain unauthorized access to sensitive information in the PAM database. This can lead to severe privacy breaches and potential exploitation by malicious actors.
Affected Version(s)
Symantec Privileged Access Management 3.4.6
Symantec Privileged Access Management 3.4.6
Symantec Privileged Access Management 4.1.0 <= 4.1.8
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Stefan Grönke ([email protected])