Filtered by vendor Broadcom
Filtered by product Symantec Privileged Access Management
Total: 15 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-24501 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-07-12 | N/A |
An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request. | ||||
CVE-2025-24500 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-03-13 | N/A |
The vulnerability allows an unauthenticated attacker to access information in the PAM database. | ||||
CVE-2025-24506 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-02-05 | N/A |
A specific authentication strategy makes it possible to learn the IDs of PAM users associated with certain authentication types. | ||||
CVE-2025-24504 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-02-05 | N/A |
An improper input validation in the CSRF filter results in unsanitized user input being written to the application logs. | ||||
CVE-2025-24502 | 1 Broadcom | 1 Symantec Privileged Access Management | 2025-02-05 | N/A |
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. | ||||
CVE-2024-38496 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-12-03 | N/A |
The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships. | ||||
CVE-2024-36458 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
The vulnerability allows a malicious low-privileged PAM user to perform server-upgrade-related actions. | ||||
CVE-2024-38495 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
A specific authentication strategy allows a malicious attacker to learn the IDs of all PAM users defined in its database. | ||||
CVE-2024-38494 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||||
CVE-2024-38493 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI. | ||||
CVE-2024-38492 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
CVE-2024-36457 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | ||||
CVE-2024-36456 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
CVE-2024-36455 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | N/A |
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||||
CVE-2022-25625 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 8.8 High |
A malicious unauthorized PAM user can access the administration configuration data and change the values. |