Description

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

Related CPE's

a

microfocus

netiq_privileged_access_manager

2

References

https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

Release Notes

Weaknesses

[email protected]

Secondary
CWE-78

[email protected]

Primary
CWE-78

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

8.2 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-08-21T12:15:07.957Z

1 year ago

Last modified

2024-08-23T15:04:30.110Z

1 year ago