Lucene search

MicrofocusCVELIST:CVE-2022-26329

HistoryJan 24, 2023 - 12:00 a.m.

CVE-2022-26329 File existence disclosue vulnerability in IDM plugin

2023-01-2400:00:00

CWE-538

microfocus

www.cve.org

cve-2022-26329

file existence disclosure

idm plugin

netiq identity manager

1.8 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

CNA Affected

[
  {
    "vendor": "Micro Focus",
    "product": "NetIQ Identity Manager",
    "versions": [
      {
        "version": "NetIQ Identity Manager",
        "status": "affected",
        "lessThan": "4.8.5",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "ALL"
    ]
  }
]

References

www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html

1.8 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVELIST:CVE-2022-26329