A malicious unauthorized PAM user can access the administration configuration data and change the values.
8.8CVSS
8.6AI Score
0.001EPSS
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
6.1CVSS
5.8AI Score
0.0005EPSS