CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11847 – Vulnerability in sshrelay in privileged access manager provides full system access.
https://notcve.org/view.php?id=CVE-2020-11847
21 Aug 2024 — SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. • https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11846 – Improper handling of token allows access to restricted resource in Privileged Access Manager
https://notcve.org/view.php?id=CVE-2020-11846
21 Aug 2024 — A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager be... • https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html • CWE-269: Improper Privilege Management •