VYPR

Privileged User Manager

by Microfocus

CVEs (20)

  • CVE-2018-9022 | Critical | Jun 18, 2018
    risk 0.68 | cvss 9.8 | epss 0.20

    An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.

  • CVE-2018-9029 | Critical | Jun 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.

  • CVE-2018-9023 | High | Jun 18, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.

  • CVE-2024-12111 | High | Dec 19, 2024
    risk 0.52 | cvss 8.0 | epss 0.00

    In a specific scenario, an LDAP user can abuse the authentication process in OpenText Privileged Access Manager using an injection attack that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5).

  • CVE-2018-9028 | High | Jun 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.

  • CVE-2018-9026 | High | Jun 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

  • CVE-2018-9025 | High | Jun 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

  • CVE-2018-9027 | Medium | Jun 18, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.

  • CVE-2018-9024 | Medium | Jun 18, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.

  • CVE-2024-38496 | Medium | Jul 15, 2024
    risk 0.33 | cvss | epss 0.00

    The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.

  • CVE-2017-7437 | Medium | Mar 5, 2018
    risk 0.30 | cvss 4.6 | epss 0.01

    NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via the "type" and "account" parameters of JSON requests.

  • CVE-2017-7438 | Medium | Mar 2, 2018
    risk 0.30 | cvss 4.6 | epss 0.01

    NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via JavaScript DOM modification using the supplied cookie parameter.

  • CVE-2012-5932 | Dec 24, 2012
    risk 0.08 | cvss | epss 0.63

    Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.

  • CVE-2012-5931 | Dec 24, 2012
    risk 0.04 | cvss | epss 0.07

    Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.

  • CVE-2012-5930 | Dec 24, 2012
    risk 0.04 | cvss | epss 0.07

    The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted…

  • CVE-2020-11847 | Aug 21, 2024
    risk 0.00 | cvss | epss 0.00

    An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

  • CVE-2020-11846 | Aug 21, 2024
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in OpenText Privileged Access Manager, which issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

  • CVE-2020-11862 | Mar 13, 2024
    risk 0.00 | cvss | epss 0.01

    Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding. This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.

  • CVE-2021-45094 | Jul 20, 2023
    risk 0.00 | cvss | epss 0.00

    Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS.

  • CVE-2019-7392 | Feb 26, 2019
    risk 0.00 | cvss | epss 0.02

    An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.