CVE-2020-11846

Improper handling of token allows access to restricted resource in Privileged Access Manager

Description

A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

INFO

Published Date :

2024-08-21T13:37:11.454Z

Last Modified :

2024-08-21T14:40:15.436Z

Source :

OpenText

AFFECTED PRODUCTS

The following products are affected by CVE-2020-11846 vulnerability.

Vendors	Products
Microfocus	Netiq Privileged Access Manager
Opentext	Privileged Access Manager

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-11846.

URL	Resource
https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact