Privileged Access Manager
by Microfocus
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12111 | | High | 0.52 | 8.0 | 0.00 | | Dec 19, 2024 | In a specific scenario an LDAP user can abuse the authentication process using an injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager versions 23.3 (4.4) and 24.3 (4.5). |
| CVE-2024-38496 | | Med | 0.33 | — | 0.00 | | Jul 15, 2024 | The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. |
| CVE-2018-9022 | | | 0.05 | — | 0.20 | | Jun 18, 2018 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. |
| CVE-2018-9021 | | | 0.04 | — | 0.10 | | Jun 18, 2018 | An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. |
| CVE-2020-11847 | | | 0.00 | — | 0.00 | | Aug 21, 2024 | An SSH-authenticated user who accesses the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. |
| CVE-2020-11846 | | | 0.00 | — | 0.00 | | Aug 21, 2024 | A vulnerability in OpenText Privileged Access Manager that issues a token: on successful issuance of the token, a cookie is set that allows unrestricted access to all application resources. This issue affects Privileged Access Manager before 3.7.0.1. |
| CVE-2021-45094 | | | 0.00 | — | 0.00 | | Jul 20, 2023 | Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. |
| CVE-2018-9023 | | | 0.00 | — | 0.00 | | Jun 18, 2018 | An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. |
| CVE-2018-9028 | | | 0.00 | — | 0.00 | | Jun 18, 2018 | Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity of password cracking. |
| CVE-2018-9026 | | | 0.00 | — | 0.00 | | Jun 18, 2018 | A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. |
| CVE-2018-9029 | | | 0.00 | — | 0.01 | | Jun 18, 2018 | An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. |
| CVE-2018-9025 | | | 0.00 | — | 0.00 | | Jun 18, 2018 | An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. |
| CVE-2018-9027 | | | 0.00 | — | 0.00 | | Jun 18, 2018 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script via a specially crafted link. |
| CVE-2018-9024 | | | 0.00 | — | 0.01 | | Jun 18, 2018 | An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. |
| CVE-2017-7437 | | | 0.00 | — | 0.00 | | Mar 5, 2018 | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via the "type" and "account" parameters of JSON requests. |
| CVE-2017-7438 | | | 0.00 | — | 0.00 | | Mar 2, 2018 | NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via JavaScript DOM modification using the supplied cookie parameter. |