CVE-2022-26329
1.8
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Summary
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Micro Focus | NetIQ Identity Manager | NetIQ Identity Manager < 4.8.5 | affected |
Weaknesses
- CWE-538: CWE-538 File and Directory Information Exposure
Workarounds
Update to the NetIQ Identity Manager 4.8.5 or above.
ADP Enrichment
CVE Program Container
Additional References
- https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.