OpenTextVULNRICHMENT:CVE-2020-11846CVE-2020-11846 Improper handling of token allows access to restricted resource in Privileged Access Manager
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
37.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources.Β This issue affects Privileged Access Manager before 3.7.0.1.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
],
"vendor": "opentext",
"product": "privileged_access_manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "3.7.0.1",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
37.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total