{"containers": {"cna": {"affected": [{"product": "Identity Manager", "vendor": "Micro Fosus", "versions": [{"lessThanOrEqual": "4.7.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "4.8.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Mark van Reijn, of IDFocus."}], "datePublic": "2020-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."}], "exploits": [{"lang": "en", "value": "Elevation of privilege and/or unauthorized access"}], "problemTypes": [{"descriptions": [{"description": "Elevation of privilege and/or unauthorized access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:30", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}], "solutions": [{"lang": "en", "value": "For version 4.7.3 https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html\nFor version 4.8.1 https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Elevation of privilege and unauthorized access in Micro Focus Identity Manager product", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2020-07-07T20:00:00.000Z", "ID": "CVE-2020-11849", "STATE": "PUBLIC", "TITLE": "Elevation of privilege and unauthorized access in Micro Focus Identity Manager product"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Identity Manager", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.7.3"}, {"version_affected": "<=", "version_value": "4.8.1"}]}}]}, "vendor_name": "Micro Fosus"}]}}, "credit": [{"lang": "eng", "value": "Mark van Reijn, of IDFocus."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."}]}, "exploit": [{"lang": "en", "value": "Elevation of privilege and/or unauthorized access"}], "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of privilege and/or unauthorized access"}]}]}, "references": {"reference_data": [{"name": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html", "refsource": "MISC", "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"}, {"name": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html", "refsource": "MISC", "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}]}, "solution": [{"lang": "en", "value": "For version 4.7.3 https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html\nFor version 4.8.1 https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:41:59.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2020-11849", "datePublished": "2020-07-08T13:30:36.737561Z", "dateReserved": "2020-04-16T00:00:00", "dateUpdated": "2024-09-17T01:30:32.313Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:identity_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3573217C-CFC5-4182-A155-A7AE7BC32D90", "versionEndExcluding": "4.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:identity_manager:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D8DE9224-3E08-4106-BC98-B3D55A1534EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B47A735B-9D09-4B3D-AAED-622CD28A0CD6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."}, {"lang": "es", "value": "Una elevaci\u00f3n de privilegios y/o vulnerabilidad de acceso no autorizado en Micro Focus Identity Manager. Afecta las versiones anteriores a 4.7.3 y 4.8.1 hotfix 1. La vulnerabilidad podr\u00eda permitir una exposici\u00f3n de informaci\u00f3n que puede resultar en una elevaci\u00f3n de privilegios o un acceso no autorizado"}], "id": "CVE-2020-11849", "lastModified": "2024-11-21T04:58:45.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-08T14:15:10.320", "references": [{"source": "security@opentext.com", "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"}, {"source": "security@opentext.com", "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}