CVE-2024-4555

HIGH

Microfocus Netiq Access Manager - Improper Privilege Management

Title source: rule

Description

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1

References (2)

[Release Notes, Vendor Advisory] https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html

[Release Notes, Vendor Advisory] https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html

Scores

CVSS v3 7.7

EPSS 0.0026

EPSS Percentile 49.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Classification

CWE

CWE-269 CWE-266

Status published

Affected Products (1)

microfocus/netiq_access_manager < 5.0.4.1

Timeline

Published Aug 28, 2024

Tracked Since Feb 18, 2026