Lucene search

[email protected]NVD:CVE-2024-4555

HistoryAug 28, 2024 - 7:15 a.m.

CVE-2024-4555

2024-08-2807:15:09

CWE-269

[email protected]

web.nvd.nist.gov

opentext netiq access manager

improper privilege management

user account impersonation

vulnerability

cve-2024-4555

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1

Affected configurations

Nvd

Node

microfocusnetiq_access_managerRange<5.0.4.1

VendorProductVersionCPE
microfocusnetiq_access_manager*cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microfocus	netiq_access_manager	*	cpe:2.3:a:microfocus:netiq_access_manager::::::::

References

www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html

www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Related for NVD:CVE-2024-4555

vulnrichment1 cve1 cvelist1