CVE-2020-11846 | Improper handling of token allows access to restricted resource in Privileged Access Manager
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
Conclusion & alert: CVE-2020-11846 is rated Moderate Risk (42.7/100): CVSS High severity, with low exploitation likelihood (EPSS 0.31%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2020-11846
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).