CVE-2024-4556

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html	Release Notes
https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-28 07:15

Updated : 2024-09-12 15:09

NVD link : CVE-2024-4556

Mitre link : CVE-2024-4556

CVE.ORG link : CVE-2024-4556

JSON object : View

Products Affected

microfocus

netiq_access_manager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-4556", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-28T07:15:10.320", "references": [{"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html", "tags": ["Release Notes"], "source": "security@opentext.com"}, {"url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html", "tags": ["Release Notes"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information.\u00a0This issue affects NetIQ Access Manager before 5.0.4 and before 5.1."}, {"lang": "es", "value": "La vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") en OpenText NetIQ Access Manager permite acceder a informaci\u00f3n confidencial. Este problema afecta a NetIQ Access Manager anterior a 5.0.4 y anterior a 5.1."}], "lastModified": "2024-09-12T15:09:55.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96CD67B1-1A6C-4485-853F-A62402766C14", "versionEndExcluding": "5.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}