Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11847

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

Published

2024-08-21T14:15:07.957

Last Modified

2024-08-23T17:04:30.110

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microfocus	netiq_privileged_access_manager	< 3.7	Yes
Application	microfocus	netiq_privileged_access_manager	3.7	Yes

References

https://www.netiq.com/documentation/privileged-account-manager-37/npam_3701_releasenotes/data/npam_3701_releasenotes.html Release Notes ([email protected])