Privileged User Manager
by Microfocus
CVEs (20)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9022 | | Cri | 0.68 | 9.8 | 0.20 | | Jun 18, 2018 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. |
| CVE-2018-9029 | | Cri | 0.64 | 9.8 | 0.02 | | Jun 18, 2018 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. |
| CVE-2018-9023 | | Hig | 0.57 | 8.8 | 0.02 | | Jun 18, 2018 | An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. |
| CVE-2024-12111 | | Hig | 0.52 | 8.0 | 0.00 | | Dec 19, 2024 | In a specific scenario an LDAP user can abuse the authentication process using an injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5). |
| CVE-2018-9028 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 18, 2018 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. |
| CVE-2018-9026 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 18, 2018 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. |
| CVE-2018-9025 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 18, 2018 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. |
| CVE-2018-9027 | | Med | 0.40 | 6.1 | 0.01 | | Jun 18, 2018 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. |
| CVE-2018-9024 | | Med | 0.35 | 5.3 | 0.01 | | Jun 18, 2018 | An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. |
| CVE-2024-38496 | | Med | 0.33 | — | 0.00 | | Jul 15, 2024 | The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. |
| CVE-2017-7437 | | Med | 0.30 | 4.6 | 0.01 | | Mar 5, 2018 | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via the "type" and "account" parameters of JSON requests. |
| CVE-2017-7438 | | Med | 0.30 | 4.6 | 0.01 | | Mar 2, 2018 | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via JavaScript DOM modification using the supplied cookie parameter. |
| CVE-2012-5932 | | | 0.08 | — | 0.63 | | Dec 24, 2012 | Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request. |
| CVE-2012-5931 | | | 0.04 | — | 0.07 | | Dec 24, 2012 | Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname. |
| CVE-2012-5930 | | | 0.04 | — | 0.07 | | Dec 24, 2012 | The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted… |
| CVE-2020-11847 | | | 0.00 | — | 0.00 | | Aug 21, 2024 | An SSH-authenticated user who accesses the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. |
| CVE-2020-11846 | | | 0.00 | — | 0.00 | | Aug 21, 2024 | A vulnerability found in OpenText Privileged Access Manager that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. |
| CVE-2020-11862 | | | 0.00 | — | 0.01 | | Mar 13, 2024 | Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding. This issue affects NetIQ Privileged Account Manager: before 3.7.0.2. |
| CVE-2021-45094 | | | 0.00 | — | 0.00 | | Jul 20, 2023 | Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. |
| CVE-2019-7392 | | | 0.00 | — | 0.02 | | Feb 26, 2019 | An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. |