Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-36455— Symantec Privileged Access Manager Remote Command Execution vulnerability

EPSS 1.13% · P78
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-36455

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Symantec Privileged Access Manager Remote Command Execution vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Broadcom Symantec Privileged Access Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Broadcom Symantec Privileged Access Management(Broadcom Symantec PAM)是美国博通(Broadcom)公司的一种安全软件。通过保护敏感的管理凭据、控制特权用户访问、主动实施安全策略以及监控和记录虚拟、云和物理环境中的特权用户活动来帮助防止安全漏洞。 Broadcom Symantec Privileged Access Management存在安全漏洞,该漏洞源于存在不正确的输入验证,导致攻击者可通过发送特制的HTTP请求在受影响的PAM系
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
BroadcomSymantec Privileged Access Management 4.1.0 - 4.1.7 -

II. Public POCs for CVE-2024-36455

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-36455

登录查看更多情报信息。

Same Patch Batch · Broadcom · 2024-07-15 · 10 CVEs total

CVE-2024-38496Symantec Privileged Access Manager Insecure Direct Object Reference vulnerability
CVE-2024-38494Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-38492Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-38491Symantec Privileged Access Manager SQL Injection vulnerability
CVE-2024-38493Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability
CVE-2024-38495Symantec Privileged Access Manager User Enumeration vulnerability
CVE-2024-36458Symantec Privileged Access Manager Privilege Escalation vulnerability
CVE-2024-36457Symantec Privileged Access Manager Authentication Bypass vulnerability
CVE-2024-36456Symantec Privileged Access Manager Remote Command Execution vulnerability

IV. Related Vulnerabilities

Same product: Symantec Privileged Access Management
Same vendor: Broadcom

V. Comments for CVE-2024-36455

No comments yet

Leave a comment