Lucene search

[email protected]CVE-2024-1470

HistoryFeb 29, 2024 - 1:43 a.m.

CVE-2024-1470

2024-02-2901:43:51

CWE-639

[email protected]

web.nvd.nist.gov

cve-2024-1470

authorization bypass

netiq

opentext

windows

privilege escalation

code injection

nvd

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue

only

affects NetIQ Client Login Extension: 4.6.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "NetIQ Client Login Extension",
    "vendor": "OpenText",
    "versions": [
      {
        "status": "affected",
        "version": "4.6"
      }
    ]
  }
]

References

portal.microfocus.com/s/article/KM000026667?language=en_US

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1470

cvelist1 nvd1 prion1