7.5
CVE-2026-11877
- EPSS 0.18%
- Veröffentlicht 24.06.2026 14:01:38
- Zuletzt bearbeitet 29.06.2026 19:28:29
- Quelle security@opentext.com
- CVE-Watchlists
- Unerledigt
Missing Authorization Vulnerability in OpenText Access Manager
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microfocus ≫ Access Manager Version >= 5.0 < 5.1
Microfocus ≫ Access Manager Version5.1 Update-
Microfocus ≫ Access Manager Version5.1 Updatepatch_update_2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.075 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| security@opentext.com | 6.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-648 Incorrect Use of Privileged APIs
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
https://portal.microfocus.com/s/article/KM000047450