CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
broadcomsymantec_privileged_access_management
3.4.0.0 ≤
𝑥
< 3.4.6.05
broadcomsymantec_privileged_access_management
4.0.0.0 ≤
𝑥
< 4.0.0.05
broadcomsymantec_privileged_access_management
4.0.1.0 ≤
𝑥
< 4.0.1.19
broadcomsymantec_privileged_access_management
4.0.2.0 ≤
𝑥
< 4.0.2.04
broadcomsymantec_privileged_access_management
4.0.3.0 ≤
𝑥
< 4.0.3.01
broadcomsymantec_privileged_access_management
4.1.0.0 ≤
𝑥
< 4.1.0.10
𝑥
= Vulnerable software versions
References
https://support.broadcom.com/external/content/SecurityAdvisories/0/20850
https://support.broadcom.com/external/content/SecurityAdvisories/0/20850