Broadcom ≫ Symantec Privileged Access Management

This vulnerability allows appliance compromise at boot time.

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.

An improper input validation the CSRF filter results in unsanitized user input written to the application logs.

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.

The vulnerability allows an unauthenticated attacker to access information in PAM database.

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database.

The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.