Improper Privilege Management in Identity Manager - CVE-2020-11849

 

Improper Privilege Management in Identity Manager - CVE-2020-11849

Published: July 8, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34162
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-11849
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Oracle
Affected software:
Identity Manager

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access.


How to mitigate CVE-2020-11849

Install update from vendor's website.

Sources