CVE-2022-26329

EPSS 0.3%
Published 26.01.2023 21:15:32
Last modified 21.11.2024 06:53:45
Source security@opentext.com
Teams watchlist Login
Open Login

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Netiq ≫ Identity Manager Version < 4.8.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.528

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@opentext.com	1.8	0.4	1.4	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html

https://nvd.nist.gov/vuln/detail/CVE-2022-26329

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26329

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26329

EUVD