CVE-2020-11847

HIGH

Microfocus Netiq Privileged Access Manager - OS Command Injection

Title source: rule

Description

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

References (1)

[Release Notes] https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

Scores

CVSS v3 8.2

EPSS 0.0018

EPSS Percentile 38.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (2)

microfocus/netiq_privileged_access_manager < 3.7

microfocus/netiq_privileged_access_manager

Timeline

Published Aug 21, 2024

Tracked Since Feb 18, 2026