CVE-2020-11847

Vulnerability in sshrelay in privileged access manager provides full system access.

Description

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

INFO

Published Date :

2024-08-21T13:38:44.228Z

Last Modified :

2024-08-22T13:50:29.679Z

Source :

OpenText

AFFECTED PRODUCTS

The following products are affected by CVE-2020-11847 vulnerability.

Vendors	Products
Microfocus	Netiq Privileged Access Manager
Opentext	Privileged Access Manager

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-11847.

URL	Resource
https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact