Lucene search

OpenTextVULNRICHMENT:CVE-2020-11847

HistoryAug 21, 2024 - 1:38 p.m.

CVE-2020-11847 Vulnerability in sshrelay in privileged access manager provides full system access.

2024-08-2113:38:44

CWE-78

OpenText

github.com

cve-2020-11847

sshrelay

privileged access manager

os command

full system access

bash

pam server

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

55.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:opentext:privileged_access_manager:*:*:*:*:*:*:*:*"
    ],
    "vendor": "opentext",
    "product": "privileged_access_manager",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.7.0.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

55.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2020-11847