Lucene search

SymantecCVE-2022-25625

HistoryAug 26, 2022 - 4:15 p.m.

CVE-2022-25625

2022-08-2616:15:09

symantec

web.nvd.nist.gov

cve-2022-25625

pam

unauthorized access

admin configuration

data breach

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

A malicious unauthorized PAM user can access the administration configuration data and change the values.

Affected configurations

Nvd

Node

broadcomsymantec_privileged_access_managementRange3.4.0.0–3.4.6.05

broadcomsymantec_privileged_access_managementRange4.0.0.0–4.0.0.05

broadcomsymantec_privileged_access_managementRange4.0.1.0–4.0.1.19

broadcomsymantec_privileged_access_managementRange4.0.2.0–4.0.2.04

broadcomsymantec_privileged_access_managementRange4.0.3.0–4.0.3.01

broadcomsymantec_privileged_access_managementRange4.1.0.0–4.1.0.10

VendorProductVersionCPE
broadcomsymantec_privileged_access_management*cpe:2.3:a:broadcom:symantec_privileged_access_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
broadcom	symantec_privileged_access_management	*	cpe:2.3:a:broadcom:symantec_privileged_access_management::::::::

CNA Affected

[
  {
    "product": "Symantec Privileged Access Management (PAM)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "4.1.0"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/20850

Social References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Related for CVE-2022-25625