5.9.7.1

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

oneidentity

NVD

Published: 2023-09-27

Updated: 2024-11-21

Summary

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.

Vulnerable Configurations

Part	Description	Count
Application	Oneidentity Oneidentity Password Manager 5.12.0 Oneidentity Password Manager 5.9.7.1 Oneidentity Password Manager 5.10.1	3

References

https://www.gov.il/en/Departments/faq/cve_advisories
https://www.gov.il/en/Departments/faq/cve_advisories