CVE-2020-11846

HIGH

OpenText Privileged Access Manager < 3.7.0.1 - Unauthenticated Privilege Escalation via Token Cookie

Title source: llm

Description

A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

References (1)

Core 1

Core References

Release Notes

https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

Scores

CVSS v3 8.7

EPSS 0.0021

EPSS Percentile 43.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

microfocus/netiq_privileged_access_manager 3.7

microfocus/netiq_privileged_access_manager < 3.7

Published Aug 21, 2024

Tracked Since Feb 18, 2026