PT-2024-10765 · Opentext · Opentext Privileged Access Manager

Published 2024-08-21 · Updated 2024-08-25 · CVE-2020-11846

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OpenText Privileged Access Manager versions prior to 3.7.0.1

Description

When OpenText Privileged Access Manager successfully issues a token, it sets a cookie that allows unrestricted access to all the application resources. This issue is related to improper privilege management in the Token Handler, which can lead to remote exploitation.

Recommendations

For versions prior to 3.7.0.1, upgrade the affected component to version 3.7.0.1 or later to mitigate the risk. As a temporary workaround, consider restricting access to the Token Handler to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2020-11846

Affected Products

Opentext Privileged Access Manager