Improper Privilege Management in Identity Manager - CVE-2020-11849

 


Published: July 8, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34162
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-11849
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Identity Manager
Software vendor: Oracle

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager, affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or unauthorized access.


Remediation

Install the update from the vendor's website.
