CVE-2024-38491 – Symantec Privileged Access Manager SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38491
The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. La vulnerabilidad permite a un atacante no autenticado leer información arbitraria de la base de datos. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 •
CVE-2024-36458 – Symantec Privileged Access Manager Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-36458
The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. La vulnerabilidad permite a un usuario malicioso de PAM con pocos privilegios realizar acciones relacionadas con la actualización del servidor. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 •
CVE-2024-36457 – Symantec Privileged Access Manager Authentication Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-36457
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. La vulnerabilidad permite a un atacante eludir los requisitos de autenticación para un endpoint PAM específico. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-306: Missing Authentication for Critical Function •
CVE-2024-36456 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36456
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. Esta vulnerabilidad permite a un atacante no autenticado lograr la ejecución remota de comandos en el sistema PAM afectado cargando un archivo de actualización de PAM especialmente manipulado. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-36455 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. Una validación de entrada incorrecta permite que un atacante no autenticado logre la ejecución remota de comandos en el sistema PAM afectado enviando una solicitud HTTP especialmente manipulada. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-665: Improper Initialization •