CVE-2022-25627 — Improper Access Control in Symantec Identity Governance AND Administration

CWE-284 — Improper Access Control3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.2%

top 59.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Identity Governance AND Administration

Timeline

PublishedDec 16

Latest updateDec 21

Description

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5broadcom/symantec_identity_governance_and_administration14.3, 14.4

▶NVDbroadcom/symantec_identity_governance_and_administration14.3, 14.4+1

🔴Vulnerability Details

GHSA

GHSA-r877-389w-8vx8: An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Ide↗2022-12-21

▶

CVEList

CVE-2022-25627: An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Ide↗2022-12-16

▶