CVE-2020-11847

An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
Configurations

Configuration 1

OR cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*

History

23 Aug 2024, 17:04

Type Values Removed Values Added
CPE cpe:2.3:a:microfocus:netiq_privileged_access_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:netiq_privileged_access_manager:3.7:-:*:*:*:*:*:*
First Time Microfocus
Microfocus netiq Privileged Access Manager
CVSS v2 : unknown
v3 : 8.2
v2 : unknown
v3 : 7.8
Summary
  • (es) An SSH-authenticated user accessing the PAM server can execute an operating system command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
References () https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html - () https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html - Release Notes

21 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-21 14:15

Updated : 2024-08-23 17:04


NVD link : CVE-2020-11847

Mitre link : CVE-2020-11847

CVE.ORG link : CVE-2020-11847


Products Affected

microfocus

  • netiq_privileged_access_manager
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')