Lucene search

[email protected]NVD:CVE-2022-25626

HistoryDec 16, 2022 - 4:15 p.m.

CVE-2022-25626

2022-12-1616:15:21

[email protected]

web.nvd.nist.gov

cve-2022-25626

identity manager

unauthenticated access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

33.0%

JSON

An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session.

Affected configurations

Nvd

Node

broadcomsymantec_identity_governance_and_administrationMatch14.3

broadcomsymantec_identity_governance_and_administrationMatch14.4

VendorProductVersionCPE
broadcomsymantec_identity_governance_and_administration14.3cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.3:*:*:*:*:*:*:*
broadcomsymantec_identity_governance_and_administration14.4cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	symantec_identity_governance_and_administration	14.3	cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.3:::::::*
broadcom	symantec_identity_governance_and_administration	14.4	cpe:2.3:a:broadcom:symantec_identity_governance_and_administration:14.4:::::::*

References

support.broadcom.com/external/content/SecurityAdvisories/0/21136

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

33.0%

JSON

Related for NVD:CVE-2022-25626

cve1 prion1 cvelist1