CVE-2022-26329
File existence disclosue vulnerability in IDM plugin
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Vulnerabilidad de divulgación de existencia de archivos en el complemento NetIQ Identity Manager anterior a la versión 4.8.5 permite a un atacante determinar si un archivo existe en el sistema de archivos. Este problema afecta a: Micro Focus NetIQ Identity Manager Versiones de NetIQ Identity Manager anteriores a 4.8.5 en TODOS.
*Credits:
Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-28 CVE Reserved
- 2023-01-24 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netiq Search vendor "Netiq" | Identity Manager Search vendor "Netiq" for product "Identity Manager" | < 4.8.5 Search vendor "Netiq" for product "Identity Manager" and version " < 4.8.5" | - |
Affected
| ||||||