Lucene search

OpenTextCVELIST:CVE-2020-11847

HistoryAug 21, 2024 - 1:38 p.m.

CVE-2020-11847 Vulnerability in sshrelay in privileged access manager provides full system access.

2024-08-2113:38:44

CWE-78

OpenText

www.cve.org

cve-2020-11847

vulnerability

sshrelay

privileged access manager

system access

os command

pam server

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

55.2%

JSON

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux",
      "64 bit",
      "32 bit"
    ],
    "product": "Privileged Access Manager",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThan": "<",
        "status": "affected",
        "version": "3.7.0.1",
        "versionType": "server"
      }
    ]
  }
]

References

www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

55.2%

JSON

Related for CVELIST:CVE-2020-11847