CVE-2022-25626

2022-12-1600:00:00

symantec

www.cve.org

identity manager

unauthenticated access

management console

web session

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Symantec Identity Governance and Administration",
    "versions": [
      {
        "version": "14.3, 14.4",
        "status": "affected"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/21136