CVE-2020-11847 HIGH

CVE-2020-11847: Vulnerability in sshrelay in privileged access manager provides full system access.

Vendor Opentext
Product Privileged Access Manager
Weakness CWE-78
Published August 21, 2024
Last update August 22, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

Key dates

02Disclosure timeline

August 21, 2024 CVE published
August 22, 2024 Record updated