CVE-2020-11847
High
Published: 21 August 2024
Modified: 23 August 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0018 (38.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2020-11847 is a high-severity OS Command Injection (CWE-78) vulnerability in Micro Focus NetIQ Privileged Access Manager. Its CVSS base score is 8.2 (High).
Operationally, it is ranked at the 38.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-4187
Vulnerability details
An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Vendor: microfocus
Product: netiq privileged access manager
Version: 3.7 · ≤ 3.7
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.