Lucene search

OpenTextCVELIST:CVE-2024-4555

HistoryAug 28, 2024 - 6:27 a.m.

CVE-2024-4555 User impersonation with MFA when configure in specific way

2024-08-2806:27:21

CWE-269

OpenText

www.cve.org

cve-2024-4555

user impersonation

mfa

opentext netiq access manager

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "NetIQ Access Manager",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThan": "<",
        "status": "affected",
        "version": "5.0.4.1",
        "versionType": "server"
      },
      {
        "lessThan": "<",
        "status": "affected",
        "version": "5.1",
        "versionType": "server"
      }
    ]
  }
]

References

www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html

www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Related for CVELIST:CVE-2024-4555