2 matches found
CVE-2022-25625
CVE-2022-25625 relates to Broadcom Symantec Privileged Access Management. The connected sources describe an elevation-of-privilege issue where a malicious unauthorized PAM user can access the administration configuration data and change values. The vulnerability is characterized by MFA-enabled en...
CVE-2024-38493
CVE-2024-38493 is a reflected XSS in Broadcom Symantec PAM: the PAM UI web interface fails to filter/escape user input, allowing a remote attacker to persuade a user to click a crafted link and execute arbitrary client-side code in the PAM UI context. Multiple sources corroborate the vulnerabilit...