
CVE-2024-38494 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-38494
15 Jul 2024 — This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2024-38493 – Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2024-38493
15 Jul 2024 — A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of the PAM UI. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38492 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-38492
15 Jul 2024 — This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-38491 – Symantec Privileged Access Manager SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-38491
15 Jul 2024 — The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678

CVE-2024-36458 – Symantec Privileged Access Manager Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-36458
15 Jul 2024 — The vulnerability allows a malicious low-privileged PAM user to perform server-upgrade-related actions. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2024-36457 – Symantec Privileged Access Manager Authentication Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-36457
15 Jul 2024 — The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-306: Missing Authentication for Critical Function

CVE-2024-36456 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36456
15 Jul 2024 — This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-36455 – Symantec Privileged Access Manager Remote Command Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-36455
15 Jul 2024 — Improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-665: Improper Initialization

CVE-2022-25625
https://notcve.org/view.php?id=CVE-2022-25625
26 Aug 2022 — A malicious, unauthorized PAM user can access the administration configuration data and change its values. • https://support.broadcom.com/external/content/SecurityAdvisories/0/20850