Vulnerability identifier: #VU22542
Vulnerability risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-354
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cloud Access Manager
Other software /
Other software solutions
Vendor: One Identity
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cloud Access Manager: 8.1 - 8.1.4
External links
http://github.com/FurqanKhan1/CVE-2019-13496
http://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.