CVE-2022-26326 - Vulnerability Details - OpenCVE

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Netiq Access Manager

Configuration 1 [-]

cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2022-05-02T18:43:42

Updated: 2024-08-03T05:03:32.393Z

Reserved: 2022-02-28T00:00:00

Link: CVE-2022-26326

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-02T19:15:09.147

Modified: 2024-11-21T06:53:45.367

Link: CVE-2022-26326

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["All"], "product": "NetIQ Access Manager", "vendor": "Micro Focus", "versions": [{"lessThan": "5.0.2", "status": "affected", "version": "NetIQ Access Manager", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-02T18:43:42", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}], "source": {"discovery": "EXTERNAL"}, "title": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2", "workarounds": [{"lang": "en", "value": "Install / Upgrade NetIQ Access Manager 5.0.2"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2022-26326", "STATE": "PUBLIC", "TITLE": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NetIQ Access Manager", "version": {"version_data": [{"platform": "All", "version_affected": "<", "version_name": "NetIQ Access Manager", "version_value": "5.0.2"}]}}]}, "vendor_name": "Micro Focus"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h", "refsource": "CONFIRM", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}]}, "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Install / Upgrade NetIQ Access Manager 5.0.2"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:03:32.393Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2022-26326", "datePublished": "2022-05-02T18:43:42", "dateReserved": "2022-02-28T00:00:00", "dateUpdated": "2024-08-03T05:03:32.393Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:netiq_access_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB428964-C331-41BA-9FE1-48DED60D17B2", "versionEndExcluding": "5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"}, {"lang": "es", "value": "Una potencial vulnerabilidad de redireccionamiento abierto cuando la URL est\u00e1 dise\u00f1ada en un formato espec\u00edfico en NetIQ Access Manager versiones anteriores a 5.0.2"}], "id": "CVE-2022-26326", "lastModified": "2024-11-21T06:53:45.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 3.6, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-02T19:15:09.147", "references": [{"source": "security@opentext.com", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}