OpenTextVULNRICHMENT:CVE-2024-4555CVE-2024-4555 User impersonation with MFA when configure in specific way
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
18.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.Β This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
],
"vendor": "netiq",
"product": "access_manager",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "5.0.4.1",
"versionType": "custom"
},
{
"status": "affected",
"version": "0",
"lessThan": "5.1",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
18.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total